Coert
2019-Dec-10 10:35 UTC
[Samba] 3 domains, full trust between all, move samba server join to other domain
Hello all,

I have a Samba file server running that is a member of a Windows AD domain.

Later I added 2 more domains with a full trust relationship between all 3. (all are Windows AD)

Everything works perfectly, wbinfo -u/-g shows all users/groups from all 3 domains, and ACLs work perfectly.

I now want to decommission 2 of the domains, and leave only 1 domain.

Let's say they are:

domain1old (to be decommissioned)

domain2old (to be decommissioned and domain Samba server currently joined on)

domain3new (domain to remain, where Samba server needs to be joined/moved)

As stated, there is a full trust relationship between all 3 domains.

The Samba server is a member of domain2old, and I want to keep all ACLs and such but join it on domain3new.

Can I simply change /etc/krb5.conf default_realm to domain3new and run net ads join again?

Thank you in advance,

Coert

Rowland Penny
2019-Dec-10 11:11 UTC
[Samba] 3 domains, full trust between all, move samba server join to other domain
On 10/12/2019 10:35, Coert via samba wrote:
> Hello all,
>
> I have a Samba file server running that is a member of a Windows AD domain.
>
> Later I added 2 more domains with a full trust relationship between
> all 3. (all are Windows AD)
>
> Everything works perfectly, wbinfo -u/-g shows all users/groups from
> all 3 domains, and ACLs work perfectly.
>
> I now want to decommission 2 of the domains, and leave only 1 domain.
>
> Let's say they are:
>
> domain1old (to be decommissioned)
>
> domain2old (to be decommissioned and domain Samba server currently
> joined on)
>
> domain3new (domain to remain, where Samba server needs to be
> joined/moved)
>
> As stated, there is a full trust relationship between all 3 domains.
>
> The Samba server is a member of domain2old, and I want to keep all ACLs
> and such but join it on domain3new.
>
> Can I simply change /etc/krb5.conf default_realm to domain3new and run
> net ads join again?
>
> Thank you in advance,
>
> Coert

Don't think so, I think you would have to leave the existing domain, change the dns domain to the dns domain of the new AD domain, change the realm in /etc/krb5.conf, change smb.conf to match the new domain, ensure /etc/resolv.conf points to the new DC and that /etc/hosts uses the new dns domain, reboot. Stop Samba and then attempt to join the new domain.

Rowland
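
A pre-join check over the files the reply above lists, as an added example that is not part of the thread: it reports which of krb5.conf, smb.conf, resolv.conf and hosts still do not match the new domain before the join is attempted. The realm `DOMAIN3NEW.EXAMPLE`, the DC address `192.0.2.30`, the host name `fs1`, the function names and the `/etc/samba/smb.conf` location are assumptions made for the example.

```shell
# Added example, not from the thread. Realm, DNS domain, IP and host are constructed.
krb5_realm() {  # print default_realm from a krb5.conf
    sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

smb_realm() {  # print the upper-cased realm from the [global] section of an smb.conf
    awk '/^[ \t]*\[/ { g = (tolower($0) ~ /\[global\]/); next }
         g && tolower($0) ~ /^[ \t]*realm[ \t]*=/ {
             v = substr($0, index($0, "=") + 1); gsub(/[ \t]/, "", v)
             print toupper(v); exit }' "$1"
}

# check_prejoin REALM DNSDOMAIN DC_IP HOST [ROOT]: report files that do not yet
# match the new domain; the return status is the number of mismatches.
check_prejoin() {
    realm=$1; dom=$2; dc=$3; host=$4; root=${5:-}; bad=0
    [ "$(krb5_realm "$root/etc/krb5.conf")" = "$realm" ] ||
        { echo "krb5.conf: default_realm is not $realm"; bad=$((bad + 1)); }
    [ "$(smb_realm "$root/etc/samba/smb.conf")" = "$realm" ] ||
        { echo "smb.conf: realm is not $realm"; bad=$((bad + 1)); }
    awk -v d="$dom" '($1 == "search" || $1 == "domain") {
            for (i = 2; i <= NF; i++) if (tolower($i) == d) ok = 1 }
        END { exit !ok }' "$root/etc/resolv.conf" ||
        { echo "resolv.conf: search domain is not $dom"; bad=$((bad + 1)); }
    awk -v ip="$dc" '$1 == "nameserver" && $2 == ip { ok = 1 } END { exit !ok }' \
        "$root/etc/resolv.conf" ||
        { echo "resolv.conf: no nameserver $dc"; bad=$((bad + 1)); }
    awk -v f="$host.$dom" '!/^#/ { for (i = 2; i <= NF; i++) if (tolower($i) == f) ok = 1 }
        END { exit !ok }' "$root/etc/hosts" ||
        { echo "hosts: no entry for $host.$dom"; bad=$((bad + 1)); }
    return "$bad"
}

# Constructed tree: krb5.conf and smb.conf already updated, resolv.conf and hosts not.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/etc/samba"
    printf '[libdefaults]\n    default_realm = DOMAIN3NEW.EXAMPLE\n' > "$d/etc/krb5.conf"
    printf '[global]\n   security = ads\n   realm = DOMAIN3NEW.EXAMPLE\n' > "$d/etc/samba/smb.conf"
    printf 'search domain2old.example\nnameserver 192.0.2.20\n' > "$d/etc/resolv.conf"
    printf '127.0.0.1 localhost\n192.0.2.50 fs1.domain2old.example fs1\n' > "$d/etc/hosts"
    echo "$d"
}

sample=$(make_sample)
check_prejoin DOMAIN3NEW.EXAMPLE domain3new.example 192.0.2.30 fs1 "$sample" ||
    echo "$? check(s) failed"
```

On a real member server, omit the last argument so the check reads the live files under `/etc`.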