Michal67M at seznam.cz
2018-Jul-10 13:25 UTC
[Samba] My terrible fail - started AD together with NT4 domain. Help needed
I am in the process of moving from an NT4 domain to an AD domain. And I did exactly what should not be done: I ran AD on the production network. Now clients (Win7 and Win10) cannot see the old NT4 domain controller.

What exactly I did:

- exported production LDAP data of our domain called "NIS" and started a new LDAP server with that data on a new Linux server, called ad1
- copied samba config etc. data from the NT4 Linux controller to ad1 to /etc/samba.PDC
- I changed the domain name from "NIS" to "UHN" both in smb.conf and LDAP (I believed this would prevent problems with running AD on the same network). I did not change domain SIDs in LDAP data (I thought changing the domain name would be enough).
- I installed samba 4.8.2 on ad1 (into /usr/local/samba.ad) and ran

    samba-tool domain classicupgrade --dbdir=/etc/samba.PDC/ --realm=ad.nemuh.cz --dns-backend=BIND9_DLZ /etc/samba.PDC/smb.PDC.conf

After correction of numerous errors in LDAP data this command succeeded. Then I ran

    /usr/local/samba.ad/sbin/samba -i -M single -d 3

I repeated about 5 times the cycle of deleting all LDAP data, removing /usr/local/samba.ad, running samba upgrade and starting samba AD on ad1, starting from last week till today. The Samba AD is stopped now.

Now we cannot add computers to the old domain. And users who had not been logged into the old domain on a PC before cannot log on to the PC at all.

Is there anything I can do to make clients be able to see the old NT4 domain? Some registry change, etc.?

I really would appreciate any help, this was really my big fail :-((

Thanks,
Michal