thank you rowland, Il 08/02/2018 10:41, Rowland Penny via samba ha scritto:> On Thu, 8 Feb 2018 10:30:55 +0100 > Massimo Donato via samba <samba at lists.samba.org> wrote: > >> Hi to All, >> i'm wondering to do again domain provision. >> anyone that tryed this? >> any idea on how to have the previous users profiles imported in the >> new domain ? >> do i have to rejoin all the workstations? > If you provision Samba, you will get a NEW domain. Whilst you can dump > the users etc from the old domain, you will need to create them again > in the new domain, this includes joining the workstations. Any files > etc that belong to the old users & groups will have to be 'chown' to > the new ones. The windows profiles (as far as I am aware) from the old > domain cannot be used because they contain the old domains SID. > > Rowland >so as far i understand is not possible for me. any idea on how to recover the domain that is not working? can't add workstations everything seems good in the log execpt: [root at zeus ~]# samba-tool domain demote --remove-other-dead-server=backupdc WARNING: The "profile acls" option is deprecated ERROR: Demote failed: DemoteException: backupdc is not an AD DC in somdomain.com A transaction is still active in ldb context [0x27bfd20] on tdb:///usr/local/samba/private/sam.ldb --- Questa email è stata esaminata alla ricerca di virus da AVG. http://www.avg.com
Hi Massimo,>>> Hi to All, >>> i'm wondering to do again domain provision. >>> anyone that tryed this? >>> any idea on how to have the previous users profiles imported in the >>> new domain ? >>> do i have to rejoin all the workstations? >> If you provision Samba, you will get a NEW domain. Whilst you can dump >> the users etc from the old domain, you will need to create them again >> in the new domain, this includes joining the workstations. Any files >> etc that belong to the old users & groups will have to be 'chown' to >> the new ones. The windows profiles (as far as I am aware) from the old >> domain cannot be used because they contain the old domains SID. >> >> Rowland >> > so as far i understand is not possible for me. > any idea on how to recover the domain that is not working? can't add > workstations > everything seems good in the log execpt: > > [root at zeus ~]# samba-tool domain demote --remove-other-dead-server=backupdc > WARNING: The "profile acls" option is deprecated > ERROR: Demote failed: DemoteException: backupdc is not an AD DC in > somdomain.com > A transaction is still active in ldb context [0x27bfd20] on > tdb:///usr/local/samba/private/sam.ldbhave you check that RID FSMO role is on the still on the surviving server? samba-tool fsmo show Cheers, Denis> > > --- > Questa email è stata esaminata alla ricerca di virus da AVG. > http://www.avg.com-- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, bâtiment A 12 avenue Jules Verne 44230 Saint Sébastien sur Loire tel : +33 (0) 2.40.97.57.55 http://www.tranquil.it Samba install wiki for Frenchies : https://dev.tranquil.it WAPT, software deployment made easy : https://wapt.fr
*//* Il 08/02/2018 10:59, Denis Cardon via samba ha scritto:> Hi Massimo, > >>>> Hi to All, >>>> i'm wondering to do again domain provision. >>>> anyone that tryed this? >>>> any idea on how to have the previous users profiles imported in the >>>> new domain ? >>>> do i have to rejoin all the workstations? >>> If you provision Samba, you will get a NEW domain. Whilst you can dump >>> the users etc from the old domain, you will need to create them again >>> in the new domain, this includes joining the workstations. Any files >>> etc that belong to the old users & groups will have to be 'chown' to >>> the new ones. The windows profiles (as far as I am aware) from the old >>> domain cannot be used because they contain the old domains SID. >>> >>> Rowland >>> >> so as far i understand is not possible for me. >> any idea on how to recover the domain that is not working? can't add >> workstations >> everything seems good in the log execpt: >> >> [root at zeus ~]# samba-tool domain demote >> --remove-other-dead-server=backupdc >> WARNING: The "profile acls" option is deprecated >> ERROR: Demote failed: DemoteException: backupdc is not an AD DC in >> somdomain.com >> A transaction is still active in ldb context [0x27bfd20] on >> tdb:///usr/local/samba/private/sam.ldb > > have you check that RID FSMO role is on the still on the surviving > server? > samba-tool fsmo show > > Cheers, > > DenisSchemaMasterRole owner: CN=NTDS Settings,CN=ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcomlocal,DC=local InfrastructureMasterRole owner: CN=NTDS Settings,CN=ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcomlocal,DC=local RidAllocationMasterRole owner: CN=NTDS Settings,CN=ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcomlocal,DC=local PdcEmulationMasterRole owner: CN=NTDS Settings,CN=ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcomlocal,DC=local DomainNamingMasterRole owner: CN=NTDS Settings,CN=ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcomlocal,DC=local DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcomlocal,DC=local ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcomlocal,DC=local --- Questa email è stata esaminata alla ricerca di virus da AVG. http://www.avg.com
On Thu, 8 Feb 2018 10:50:01 +0100 Massimo Donato via samba <samba at lists.samba.org> wrote:> thank you rowland, > > so as far i understand is not possible for me. > any idea on how to recover the domain that is not working? can't add > workstations > everything seems good in the log execpt: > > [root at zeus ~]# samba-tool domain demote > --remove-other-dead-server=backupdc > WARNING: The "profile acls" > option is deprecatedFirst the easy bit ;-) You can ignore the warnng, it is just telling you that you have a deprecated line in smb.conf> ERROR: Demote failed: DemoteException: backupdc > is not an AD DC in somdomain.comThe demote seems to have failed because it thinks you do not have a DC called 'backupdc', have you checked in AD ?> A transaction is still active in ldb context [0x27bfd20] on > tdb:///usr/local/samba/private/sam.ldb >Not sure about this, but can you post the smb.conf from the DC Rowland
On Thu, 2018-02-08 at 10:50 +0100, Massimo Donato via samba wrote:> A transaction is still active in ldb context [0x27bfd20] on > tdb:///usr/local/samba/private/sam.ldbThis just means the tool quit without cleaning up properly, forcing the next Samba command to clean up (remove) the partial transaction in the DB. Not good for us as developers, but not harmful to you in the long term. Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Development and Support, Catalyst IT https://catalyst.net.nz/services/samba
Possibly Parallel Threads
- domain provision again ?
- after a couple of year of success is not possible to add workstations to domain
- after a couple of year of success is not possible to add workstations to domain
- domain provision again ?
- after a couple of year of success is not possible to add workstations to domain