On 09/08/2020 20:13, Simon Matthews via samba wrote:
> I have things sort of working now, but I just want to confirm: there is
> no way to manually (and individually) map the IDs?

As far as I am aware, not with your setup. If you were using ldap or running AD, then yes, you could allocate an exact ID to each user and group.

Rowland
Simon Matthews
2020-Aug-10 00:26 UTC
[Samba] Creating a new Samba BDC and promoting to PDC
Is there a good document on bringing up a new Samba 4 BDC and promoting it to PDC in my NT-style domain environment?

Moving to AD-style domain is something I should do, but moving my PDC to another machine is more urgent.

Simon

Blue Pearl Software, Inc. will collect and process information about you that may be subject to data protection laws. For more information about how we use and disclose your personal information, how we protect your information, our legal basis to use your information, your rights and who you can contact, please refer to the relevant sections of our Privacy note at www.bluepearlsoftware.com/privacypolicy.
L.P.H. van Belle
2020-Aug-10 09:34 UTC
[Samba] Creating a new Samba BDC and promoting to PDC
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Simon Matthews via samba
> Sent: Monday, 10 August 2020 2:27
> To: samba at lists.samba.org
> Subject: [Samba] Creating a new Samba BDC and promoting to PDC
>
> Is there a good document on bringing up a new Samba 4 BDC and
> promoting it to PDC in my NT-style domain environment?

Don't, it's a waste of time, really

> Moving to AD-style domain is something I should do, but
> moving my PDC to another machine is more urgent.

Then urgently, setup a new AD-DC server + 1 member, move the old data to the member.
You can, if the username/password are the same, setup like this:

DOM\
NEWDOM\

Passthrough auth will work for Windows..

winbind use default domain = yes

to make it see as user:group again

I see you use CentOS, I'm not much help with CentOS, sorry. I'm a Debian guy,
but with above you can setup new and keep old running as far it's needed.
:-/ doing that for 4 years now.. But not I'm really moving my last smb1 servers out.
New pc's are added to the new domain with in GPO a drive mapping to old servers.

Greetz,

Louis
Simon Matthews
2020-Aug-11 00:20 UTC
[Samba] Creating a new Samba BDC and promoting to PDC
On 8/10/20 2:34 AM, L.P.H. van Belle via samba wrote:
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Simon Matthews via samba
>> Sent: Monday, 10 August 2020 2:27
>> To: samba at lists.samba.org
>> Subject: [Samba] Creating a new Samba BDC and promoting to PDC
>>
>> Is there a good document on bringing up a new Samba 4 BDC and
>> promoting it to PDC in my NT-style domain environment?
> Don't, it's a waste of time, really
>
>> Moving to AD-style domain is something I should do, but
>> moving my PDC to another machine is more urgent.
> Then urgently, setup a new AD-DC server + 1 member, move the old data to the member.
> You can, if the username/password are the same, setup like this:

The move to AD involves re-configuration of DNS. We already have a local DNS server, which works nicely with our DHCP server.

It's not clear to me what zones the AD DNS server needs to serve? I wonder if I can keep my existing zones (forward/reverse resolution for all the machines in the LAN) and, if the zones that the AD DNS server requires do not overlap, then I can set up my existing DNS server as a slave for the new zones?

Simon
L.P.H. van Belle
2020-Aug-11 07:34 UTC
[Samba] Creating a new Samba BDC and promoting to PDC
Hi Simon,

Imagine, you have now zone1.domain.tld which runs the PDC setup.
You can now setup the new AD zones for example with a new zone.
office.domain.tld

Once you have dns running you can forward zone1 to the needed dns server(s) for the old zones.
And/or re-add the records in the new DNS.

If the local dns server with dhcp is already running.
Transfer it to the AD-DC, it's not obligated, but it's nice to have dhcp managing the DNS records also
within the AD.

This is what you should read also.
https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Simon Matthews via samba
> Sent: Tuesday, 11 August 2020 2:21
> To: samba at lists.samba.org
> Subject: Re: [Samba] Creating a new Samba BDC and promoting to PDC
>
> On 8/10/20 2:34 AM, L.P.H. van Belle via samba wrote:
> >> -----Original message-----
> >> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Simon Matthews via samba
> >> Sent: Monday, 10 August 2020 2:27
> >> To: samba at lists.samba.org
> >> Subject: [Samba] Creating a new Samba BDC and promoting to PDC
> >>
> >> Is there a good document on bringing up a new Samba 4 BDC and
> >> promoting it to PDC in my NT-style domain environment?
> > Don't, it's a waste of time, really
> >
> >> Moving to AD-style domain is something I should do, but
> >> moving my PDC to another machine is more urgent.
> > Then urgently, setup a new AD-DC server + 1 member, move the old data to the member.
> > You can, if the username/password are the same, setup like this:
>
> The move to AD involves re-configuration of DNS. We already have a local
> DNS server, which works nicely with our DHCP server.
>
> It's not clear to me what zones the AD DNS server needs to serve? I
> wonder if I can keep my existing zones (forward/reverse resolution for
> all the machines in the LAN) and, if the zones that the AD DNS server
> requires do not overlap, then I can set up my existing DNS server as a
> slave for the new zones?
>
> Simon
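The overlap question raised in this exchange can be checked mechanically before provisioning. The following is an added example, not part of the original thread or of Samba: it compares a proposed AD DNS domain against the zones an existing server already holds. It assumes the AD DC serves the domain's own zone plus its `_msdcs` subzone; the function names are hypothetical and the zone names are constructed from the placeholders used above.

```python
# Added example: checks whether a proposed AD DNS domain overlaps existing zones.
# All zone names used with it are constructed; "office.domain.tld" and
# "zone1.domain.tld" follow the placeholder names used in the thread.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def relation(existing, proposed):
    """How `proposed` relates to `existing`: same, child, parent or disjoint.

    Comparison is label-wise, so "main.tld" is not treated as part of "domain.tld".
    """
    e, p = _labels(existing), _labels(proposed)
    if e == p:
        return "same"
    if len(p) > len(e) and p[-len(e):] == e:
        return "child"      # proposed lives underneath the existing zone
    if len(e) > len(p) and e[-len(p):] == p:
        return "parent"     # existing zone lives underneath the proposed one
    return "disjoint"

def ad_zones(dns_domain):
    """Forward zones an AD DC serves for its DNS domain (assumption stated in
    the lead-in: the domain zone itself plus its _msdcs subzone)."""
    d = dns_domain.rstrip(".").lower()
    return [d, "_msdcs." + d]

# What each relation means for the server that keeps the old zones.
ACTIONS = {
    "same": "conflict: the AD DC has to be authoritative for this name",
    "child": "overlap: delegate or forward the AD subdomain to the AD DC",
    "parent": "overlap: this zone sits inside the AD domain's namespace",
    "disjoint": "keep: no overlap with the AD zones",
}

def plan(existing_zones, ad_domain):
    """Map every existing zone to the action implied by its relation to the AD domain."""
    return {z: ACTIONS[relation(z, ad_domain)] for z in existing_zones}

if __name__ == "__main__":
    zones = ["zone1.domain.tld", "domain.tld", "1.168.192.in-addr.arpa"]  # constructed
    print("AD zones:", ad_zones("office.domain.tld"))
    for zone, action in plan(zones, "office.domain.tld").items():
        print(f"{zone:26} {action}")
```

Reverse zones under `in-addr.arpa` never overlap a forward AD domain, so they always come back as "keep".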
Simon Matthews
2020-Aug-25 23:33 UTC
[Samba] Creating a new Samba BDC and promoting to PDC
On 8/10/20 2:34 AM, L.P.H. van Belle via samba wrote:
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Simon Matthews via samba
>> Sent: Monday, 10 August 2020 2:27
>> To: samba at lists.samba.org
>> Subject: [Samba] Creating a new Samba BDC and promoting to PDC
>>
>> Is there a good document on bringing up a new Samba 4 BDC and
>> promoting it to PDC in my NT-style domain environment?
> Don't, it's a waste of time, really
>
>> Moving to AD-style domain is something I should do, but
>> moving my PDC to another machine is more urgent.
> Then urgently, setup a new AD-DC server + 1 member, move the old data to the member.

If I go with the suggestion to just set up a new AD-DC server, how do I move my data to this from the old server (which uses TDBSAM)? Can I just copy the files in /var/lib/samba/?

The old server is running Samba 4.2.11, and, because of decisions made by a former manager, can no longer be updated. My plan is to migrate to CentOS 7.

My approach is going to be to set up the new server in a NAT jail, so that I can get it working without worrying about the clients. Then, when I am satisfied it is working, to fully expose it on the LAN.

Simon

> You can, if the username/password are the same, setup like this:
>
> DOM\
> NEWDOM\
>
> Passthrough auth will work for Windows..
>
> winbind use default domain = yes
>
> to make it see as user:group again
>
> I see you use CentOS, I'm not much help with CentOS, sorry. I'm a Debian guy,
> but with above you can setup new and keep old running as far it's needed.
> :-/ doing that for 4 years now.. But not I'm really moving my last smb1 servers out.
> New pc's are added to the new domain with in GPO a drive mapping to old servers.
>
> Greetz,
>
> Louis