UNCLASSIFIED
I built another PC using Centos7 and samba 4.1.7.
This got further but gave a segmentation fault. On successive runs, I got: Your
filesystem or build does not support posix ACLs, which s3f3 requires. (This is
BS)
So I tried the next version that I had downloaded 4.3.3. With this I was able to
successfully join the domain.
I am thinking to:
1) seize roles with samba 3.3 server
2) shutdown 2003 server
3) join domain with samba 4.10 server
4) transfer roles to samba 4.10 server
5) demote samba 3.3 server (this PC is a loaner)
Is there any benefit in walking up the versions from 3.3 to 4.8.x before seizing
the roles?
When you say "walk up the versions", do you mean 4.4, 4.5, 4.6, 4.7,
4.8?
Cheers
Russell
-----Original Message-----
From: Rowland penny [mailto:rpenny at samba.org]
Sent: Friday, 31 May, 2019 5:48 p.m.
To: Andrew Bartlett; Thamm, Russell
Cc: samba at lists.samba.org
Subject: Re: [Samba] Problem joining domain [SEC=CLASSIFIED]
On 31/05/2019 08:23, Andrew Bartlett wrote:> On Fri, 2019-05-31 at 06:21 +0000, Thamm, Russell via samba wrote:
>> UNCLASSIFIED
>>
>> Hi Andrew and Roland,
>>
>> I originally installed samba-4.1.7 on CentOS 6.5. I successfully joined
the domain. I intended to take over from the 2003 server but because the domain
was being heavily used, I delayed seizing the roles.
>>
>> Now I really, really want to replace the 2003 server. The network is
currently not in use and I want to complete the job while I have an opportunity.
If I have no other option, I will create a new domain, but I'd prefer to
avoid having to create new user accounts.
> How about trying this:
>
> https://wiki.samba.org/index.php/Create_a_samba_lab-domain
Isn't the OP going to run into a chicken & egg situation here, will it
work against a Windows DC ?>
> If that works, then you may be able to try this:
>
> https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC
>
> an online backup might work against windows, but I suspect you will
> hit:
>
> https://bugzilla.samba.org/show_bug.cgi?id=13917
>
> If you can apply patches (difficult air-gapped I know), try the
> backported one attached to the bug.
>
> Restoring the backup won't allow the windows server to still operate
> (they will fight), but might get you a way out.
>
> Anyway, I hope this is of some help. Otherwise we need to try and
> work out a bit more about why the windows DC is unhappy with our list
> of NCs.
>
> Andrew Bartlett
If a Centos 6 Samba AD DC was able to join, then I would try going down that
path again, but to save time and not compile Samba, I would use Debian 8
instead. If you get a Samba DC to join, you could then walk up the Samba
versions (probably needed unless the bug is fixed) by using Louis's repo.
Once you get past 4.8.x, you could then seize all the FSMO roles and turn off
the windows DC and remove it from the domain.
Rowland
IMPORTANT: This email remains the property of the Department of Defence and is
subject to the jurisdiction of section 70 of the Crimes Act 1914. If you have
received this email in error, you are requested to contact the sender and delete
the email.