*Philippe MALADJIAN
IT Manager | System Administrator*
Direct line: +33 (0)4 72 14 50 66 | pmaladjian at hilaire.fr

On 03/10/2018 at 17:29, Rowland Penny via samba wrote:
> On Wed, 3 Oct 2018 16:54:02 +0200
> Philippe Maladjian via samba <samba at lists.samba.org> wrote:
>
>> On 03/10/2018 at 16:33, Rowland Penny via samba wrote:
>>> On Wed, 3 Oct 2018 16:01:33 +0200
>>> Philippe Maladjian via samba <samba at lists.samba.org> wrote:
>>>
>>>> Hello, I realize the preparation of the migration from samba 3 to
>>>> samba 4. For the moment the test platform is functional at 80%.
>>>>
>>>> I realize a problem. At the implementation of samba 3 in NT mode
>>>> (more than 10 years ago) I chose netbios name dom.masociete and the
>>>> same DNS domain name.
>>> Even then, a dot in a workgroup name wasn't recommended.
>> That's what I notice from reading but 10 years ago I was a beginner ;)
>>>> With the migration the domain dns becomes "dom"
>>>> and according to my first researches I will quickly encounter
>>>> problems if I need subdomain in the future. The ideal would be
>>>> that I rename my domain in mycompany.local
>>> No, the ideal would be to use virtually anything but '.local'
>> masociete.lan?
>>
>>>> knowing that our Internet domain
>>>> name is mycompany.fr but it is not us who manage it.
>>>>
>>>> I saw that with the arrival of the 4.9.x it is possible to rename a
>>>> domain, but is it feasible in my case? If yes, once the domain is
>>>> renamed, will I have to go out and add the existing machines in the
>>>> domain?
>>> This is so new, I am not sure, but I believe it would, you will have
>>> to change the DNS domain on all the machines, unless it is set by
>>> DHCP.
>>>
>>> It might just be easier and better to set up a new domain ;-)
>> At dhcp level I have as configuration
>>
>> ----------
>>
>> option domain-search code 119 = text;
>> option wpad code 252 = text;
>> option domain-name "dom.masociete";
>> option domain-search "\003dom\007masociete\000";
>> option wpad "\n";
>>
>> -------------
>>
>> but I do not see how dhcp could impose windows pc to use another
>> domain to connect?
> I think you misunderstand what I was trying to say, If you change the
> domain name, you also need to change the DNS domain, the REALM is the
> same as the DNS domain, but in uppercase.
> As I said, this is very new and I haven't had to use it yet, but, from
> my understanding, if your dns domain is samdom.example.com and you
> rename the domain, every instance of 'samdom', 'example' and 'com' will
> get changed to match your new name.
>
> Rowland

I fully understand the idea that the domain AD, DNS domain and REALM
must be identical.

Our domain AD (NT mode) is dom.Company, the DNS that handles the
internal resolution is dom.CompanyName and our Internet domain name is
companyName.

During my migration tests with the same domain configuration the domain
AD becomes dom, the DNS domain becomes dom and the REALM is DOM. This
poses a problem of reading and logic.

The idea would be to put all this in order so that the domain AD is
ad.nomsociete.fr, domain DNS ad.nomsociete.fr and REALM AD.NOMSOCIETE.

I understand that the function to rename a domain is too recent so is it
possible to make a first migration of samba 3 to 4 with the original
configuration and then to migrate a samba domain 4 to another domain
samba 4?

>> When I add a machine to the domain I go through the machine's OS
>> and change the "Member of" setting as in this picture:
>> https://s10629.pcdn.co/wp-content/pictures/2009/11/joindomainwindows7.png
>>
> That is joining the domain, but if your clients get their DNS domain
> via DHCP and you rename the domain, everything should match and you
> probably won't have to rejoin, but I don't really know.
>
> Rowland

Ok I will test this idea.

Philippe.
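
The `option domain-search` value quoted in the message above is hand-encoded in DNS wire format (an octal length byte before each label, `\000` after each name), so it has to be regenerated whenever the DNS domain changes. The following is an added example, not part of the original thread: it builds and checks such strings. `ad.example.com` is a constructed placeholder and compression pointers are not handled.

```python
import re

def dhcpd_domain_search(domains):
    """Build the quoted dhcpd string for option 119 (DNS wire format, no compression)."""
    parts = []
    for name in domains:
        for label in name.rstrip(".").split("."):
            if not 1 <= len(label) <= 63 or not label.isascii():
                raise ValueError(f"invalid label {label!r} in {name!r}")
            parts.append(f"\\{len(label):03o}{label}")  # octal length byte, then the label
        parts.append("\\000")                            # root label ends each name
    return '"' + "".join(parts) + '"'

def decode_domain_search(text):
    """Parse a dhcpd option-119 string back into domain names, or raise ValueError."""
    raw = text.strip('"').encode("ascii")
    wire = re.sub(rb"\\([0-3][0-7]{2})", lambda m: bytes([int(m.group(1), 8)]), raw)
    names, labels, i = [], [], 0
    while i < len(wire):
        n = wire[i]
        i += 1
        if n == 0:
            names.append(".".join(labels))
            labels = []
        elif n > 63 or i + n > len(wire):
            raise ValueError(f"length byte {n} at offset {i - 1} does not fit the value")
        else:
            labels.append(wire[i:i + n].decode("ascii"))
            i += n
    if labels:
        raise ValueError("last name is not terminated by \\000")
    return names

# Value as posted in the thread: \007 (7) precedes the nine-character label "masociete".
POSTED = r'"\003dom\007masociete\000"'
# Constructed placeholder for a renamed domain.
NEW_DOMAIN = "ad.example.com"

if __name__ == "__main__":
    print(dhcpd_domain_search(["dom.masociete"]))
    print(dhcpd_domain_search([NEW_DOMAIN]))
    try:
        decode_domain_search(POSTED)
    except ValueError as err:
        print("posted value rejected:", err)
```
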

On Fri, 2018-10-05 at 11:22 +0200, Philippe Maladjian via samba wrote:
> I fully understand the idea that the domain AD, DNS domain and REALM
> must be identical.
>
> Our domain AD (NT mode) is dom.Company, the DNS that handles the
> internal resolution is dom.CompanyName and our Internet domain name is
> companyName.
>
> During my migration tests with the same domain configuration the domain
> AD becomes dom, the DNS domain becomes dom and the REALM is DOM. This
> poses a problem of reading and logic.
>
> The idea would be to put all this in order so that the domain AD is
> ad.nomsociete.fr, domain DNS ad.nomsociete.fr and REALM AD.NOMSOCIETE.
>
> I understand that the function to rename a domain is too recent so is it
> possible to make a first migration of samba 3 to 4 with the original
> configuration and then to migrate a samba domain 4 to another domain
> samba 4?

The point of migration between 'Samba3' (a classic or NT4 domain) is
your best opportunity to get the right name.

This is the first time Samba will care about the DNS domain name of
anything, so this is the time to choose your full ad.mycompany.com DNS
domain as the --realm parameter.

You may have difficulty with the . in the netbios name, particularly
long-term, so if you don't mind re-joining your machines you might
first want to rename that (ensure you keep the same domain SID) and
rejoin the machines.

I hope this helps. One thing I wouldn't do is move to an AD domain
then try and rename, things are *much* simpler in the old system for
tricky things like this.

Andrew Bartlett
--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
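
The naming constraints raised in the thread up to this point (no dot in the NetBIOS domain name, no `.local` suffix, a multi-label DNS domain, REALM equal to the DNS domain in upper case) can be checked before the upgrade is run. This is an added example, not code from the thread or from Samba; the function name and the NetBIOS name `AD` are hypothetical, and the 15-character NetBIOS limit is added from general knowledge.

```python
import re

# One DNS label: letters, digits, inner hyphens, at most 63 characters.
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")

def check_domain_names(netbios, dns_domain, realm):
    """Return a list of findings for a proposed NetBIOS / DNS domain / realm triple."""
    findings = []
    # NetBIOS domain name: the thread warns about a dot; 15 characters is the NetBIOS limit.
    if "." in netbios:
        findings.append("netbios: contains a dot")
    if not 1 <= len(netbios) <= 15:
        findings.append("netbios: must be 1-15 characters")
    dns = dns_domain.lower().rstrip(".")
    labels = dns.split(".")
    # A single-label domain such as "dom" leaves no room for subdomains.
    if len(labels) < 2:
        findings.append("dns: single-label domain")
    # ".local" is used by multicast DNS; the thread advises against it.
    if labels[-1] == "local":
        findings.append("dns: '.local' suffix")
    if not all(LABEL.match(label) for label in labels):
        findings.append("dns: invalid label")
    # The realm is the DNS domain in upper case.
    if realm != dns.upper():
        findings.append("realm: must equal DNS domain in upper case")
    return findings

# Name triples taken from the thread; the NetBIOS name "AD" is a hypothetical choice.
CASES = [
    ("dom.masociete", "dom", "DOM"),
    ("AD", "ad.nomsociete.fr", "AD.NOMSOCIETE"),
    ("AD", "ad.mycompany.com", "AD.MYCOMPANY.COM"),
]

if __name__ == "__main__":
    for case in CASES:
        print(case, "->", check_domain_names(*case) or "ok")
```
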

*Philippe MALADJIAN
IT Manager | System Administrator*

On 10/10/2018 at 08:30, Andrew Bartlett via samba wrote:
> The point of migration between 'Samba3' (a classic or NT4 domain) is
> your best opportunity to get the right name.
>
> This is the first time Samba will care about the DNS domain name of
> anything, so this is the time to choose your full ad.mycompany.com DNS
> domain as the --realm parameter.
>
> You may have difficulty with the . in the netbios name, particularly
> long-term, so if you don't mind re-joining your machines you might
> first want to rename that (ensure you keep the same domain SID) and
> rejoin the machines.
>
> I hope this helps. One thing I wouldn't do is move to an AD domain
> then try and rename, things are *much* simpler in the old system for
> tricky things like this.
>
> Andrew Bartlett

Hello,

I continue my research on my problem of change of domain name. After
talking with a friend specialized in AD, he offered to create a domain
mycompany.com with a subdomain mysite.mycompany.com. Both will be the
base of a forest, then add to this forest my samba3 controller to
migrate users and machines from my samba3 to mysite.mycompany.com.

The unknown is: will samba3 be able to integrate a forest or will I
have to go through a version upgrade and migrate inside the forest?

Philippe.