Hello,

I'm looking for several days but I do not spend my days :)

If I create a new domain on the new AD, I will necessarily have a new SID so I would have to go to each machine to get them out of the domain and join them again?

*Philippe MALADJIAN IT Manager | System Administrator*

On 18/09/2018 at 19:29, Rowland Penny via samba wrote:
> On Tue, 18 Sep 2018 14:20:19 +0200
> Philippe Maladjian via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>>
>> On my current installation samba announces domain dom.domain, windows
>> machines and users are registered on domain dom.hilaire, root dn of
>> my ldap is dc = domain, dc = fr.
>>
>> At first I tested a migration by applying the vm of my server samba3
>> and my ldap. I migrated these VMs out of the production network and
>> validated that with a pc from my production network (once the network
>> settings changed) I could connect to the test domain.
>>
>> Then I copied the file smb.conf and all the tdb to the new samba
>> server 4. I started the migration procedure via samba-tool and got
>> the error on the groups Domain Users and Backup Operators as well as
>> the login error with my ldap directory.
>>
>> After some exchanges I exported in a ldif my directory to modify the
>> root dn in dc = dom, dc = domain so that it corresponds to the
>> Windows domain name. I re-imported everything in my directory.
>>
>> When I restart the migration procedure by samba-tool I have the same
>> error. As I have the same installation problem with the production
>> version I do not see any relationship with the SID. The samba domain
>> name does not change, it's only the root dn of my ldap directory that
>> I change before the migration.
>>
> This, as you have found, does not work.
>
> The whole idea behind the classicupgrade script is, it takes your old
> PDC domain and upgrades it to an AD domain, with the same users &
> passwords, groups and group memberships etc. Most importantly it uses
> the same SID, it is the SID that identifies the domain.
>
> You seem to have spent weeks getting this to work, it would have been
> quicker to create a new AD domain and port your users etc to that.
>
> Rowland
>

On Wed, 19 Sep 2018 11:20:39 +0200
Philippe Maladjian via samba <samba at lists.samba.org> wrote:

> Hello,
>
> I'm looking for several days but I do not spend my days :)
>
> If I create a new domain on the new AD, I will necessarily have a new
> SID so I would have to go to each machine to get them out of the
> domain and join them again?
>

I am losing the plot here, I seem to remember that you didn't want to run the classicupgrade as it is supposed to be run, you wanted to change things.

You can either upgrade your existing NT4-style domain (as is) to an AD domain, or you can create a new domain (as you want it) and port your users and groups to it.

The first way means your users and computers shouldn't notice any difference, the second means you will have to join your computers to the new domain.

It is also probable that if you do get your way to work, you will have to rejoin the computers.

Rowland

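The two outcomes described above (same domain SID kept, or a new domain with a new SID) can be checked by comparing each account's old `sambaSID` string with the binary `objectSid` held in the new directory. The following is an added example, not part of any message in this thread and not Samba code; the SIDs, account names and the way the values were exported are constructed assumptions.

```python
import struct

def decode_sid(raw: bytes) -> str:
    """Decode a binary SID (AD objectSid layout) into its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])     # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def encode_sid(sid: str) -> bytes:
    """Inverse of decode_sid; used here only to build the constructed samples."""
    parts = sid.split("-")
    subs = [int(p) for p in parts[3:]]
    return (bytes([int(parts[1]), len(subs)]) + int(parts[2]).to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def domain_of(sid: str) -> str:
    """Account SID = domain SID + RID; drop the RID to get the domain SID."""
    return sid.rpartition("-")[0]

def sids_changed(old: dict, new_raw: dict) -> list:
    """Accounts whose SID in the new directory is missing or differs from the old one."""
    return [name for name, old_sid in sorted(old.items())
            if name not in new_raw or decode_sid(new_raw[name]) != old_sid]

# Constructed sample data (not taken from the thread).
OLD_DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
NEW_DOMAIN = "S-1-5-21-1234567890-987654321-1122334455"
OLD_ACCOUNTS = {"pmartin": OLD_DOMAIN + "-1001", "PC01$": OLD_DOMAIN + "-1005"}
# Case 1: an in-place upgrade that kept the domain SID and the RIDs.
UPGRADED = {name: encode_sid(sid) for name, sid in OLD_ACCOUNTS.items()}
# Case 2: a freshly created domain with accounts ported into it.
FRESH = {"pmartin": encode_sid(NEW_DOMAIN + "-1103"),
         "PC01$": encode_sid(NEW_DOMAIN + "-1104")}

if __name__ == "__main__":
    print("upgrade, changed SIDs:", sids_changed(OLD_ACCOUNTS, UPGRADED))
    print("new domain, changed SIDs:", sids_changed(OLD_ACCOUNTS, FRESH))
    print("new domain SID:", domain_of(decode_sid(FRESH["PC01$"])))
```
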
Hello,

I continued my migration tests and totally by chance I replaced the ldap2 domain name with the ip address for the passdb backend parameter and this time the migration procedure goes to the end. I still have errors for groups and duplicate users O_o !

Thanks for your help.

*Philippe MALADJIAN IT Manager | System Administrator*
Direct line: +33 (0)4 72 14 50 66 | pmaladjian at hilaire.fr
*HILAIRE s.a.s.*
203 - 205 rue Jean Voillot, 69100 Villeurbanne - France
Tel.: +33 (0)4 72 37 58 23 - Fax: +33 (0)4 78 26 02 03
http://www.hilaire.fr

On 19/09/2018 at 16:52, Rowland Penny via samba wrote:
> On Wed, 19 Sep 2018 11:20:39 +0200
> Philippe Maladjian via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>>
>> I'm looking for several days but I do not spend my days :)
>>
>> If I create a new domain on the new AD, I will necessarily have a new
>> SID so I would have to go to each machine to get them out of the
>> domain and join them again?
>>
> I am losing the plot here, I seem to remember that you didn't want to
> run the classicupgrade as it is supposed to be run, you wanted to
> change things.
>
> You can either upgrade your existing NT4-style domain (as is) to an AD
> domain, or you can create a new domain (as you want it) and port your
> users and groups to it.
>
> The first way means your users and computers shouldn't notice any
> difference, the second means you will have to join your computers to
> the new domain.
>
> It is also probable that if you do get your way to work, you will have
> to rejoin the computers.
>
> Rowland
>