hi everyone!
i'm desperate. all i was supposed to do, was leave the current ADS (w2k DC)
in which samba
has been working flawlessly (except for the excel sharing bug and permission
problems) for
1,5 years and integrate it into the new w2k3 DC.
now for versions and misc data:
gds-2.6.11-r3 SMP
samba-3.0.11 something (latest ~x86 as of Mar14)
mit-krb5 (latest ~x86 as of Mar14)
old domain: ABC.com
new domain: DEF.local
(well not ABC and DEF but you get the point)
old DC 10.0.0.10 (w2k)
new DC 10.0.0.5 (w2k3)
local IP 10.0.0.20
unfortuneatly i forgot the net ads leave command and edited all files like
smb.conf krb5.conf resolv.conf
yp.conf.
anyways i couldn't join, because it somehow remembered the old domain name
and it still does
see 3
1) what files to clean??? i removed all .tdb files (/etc/samba/private and
/var/lib/samba/private) and removed
all /var/cache/samba/files and somehow it remembers ABC.com - that was
driving me crazy
2) because i couldn't join, i undoed all config stuff and tried leaving the
old domain, didn't work either.
the problem was that i always was asked for the machine account password
(fileserver$)?! nobody can
know this one, as it's random garbage i thought (stored somewhere in some
form).
options like -U are ignored for the leave command and i have never seen it
ask for the machine account password,
doesn't make any sense to my simple mind at least...
3) i tried harder cleaning up and joining the new domain, but to no avail
i rebooted enough times and times were always checked to be within <60s of
each other (because of krb5)
now this is as far as i can get
fileserver # net ads join -UAdministrator@DEF%desperation
[2005/03/15 01:07:40, 0] libads/kerberos.c:ads_kinit_password(146)
kerberos_kinit_password Administrator@DEF failed: KDC reply did not match
expectations
[2005/03/15 01:07:40, 0] utils/net_ads.c:ads_startup(186)
ads_connect: KDC reply did not match expectations
before that i had pre-auth errors or other stuff.
IF i use the wrong pass i get pre-auth error, so at least SOMETHING must be
working
if i leave out the @DEF it appends @ABC.COM driving me crazy because i
already did a
"grep ABC -iR *" in /etc a zillion times, but there's no trace
left, must be
some binary
storage somewhere.
i tried resetting the machine account in the old domain, i deleted it, i
created one in the new domain in advance (and
set it to allow older stuff, i think this means older protocols) etc.etc.
kdestroy, etc.
please cc to soundbastlerlive {blah at- blah} gmx [d o t] at if you reply!
(no typo, not s.blaster)
thanks!
many thanks,
regards from austria
p.s.: also during winbind startup i get "Could not fetch sid for our domain
DEF" in the logfile. do i need winbind anyways?
i thought i did when i setup this server ~1,5 years ago and never bothered
again, as it was working.
