Rowland Penny
2022-Jun-01 08:29 UTC
[Samba] Migration 3.5 to 4.x, realm identical to domain
On Wed, 2022-06-01 at 08:59 +0200, Philippe Maladjian wrote:
>
> That's exactly what I do. I copied the VM from my samba 3.5 and
> created a VM of a user station, all placed in a dedicated network
> that does not communicate with the prod network. After adding the VM
> pc to the domain at 3.5 test, I make several connection/disconnection
> attempts to make sure that the rights management works correctly.
>
> To perform the migration by changing the domain name I should follow
> this procedure:
> - take the test pc out of the domain;

If by 'pc' you mean the Samba PDC, then yes, but I would 'clone' it and then place this on a separate subnet that isn't connected to your production network.

> - stop samba;
> - change the workgroup name in smb.conf;

You will also need to change the dns domain

> - modify LDAP data by replacing the old domain (dom.mondomain) with
> the new one (nomrue205);
> - restart samba;
> - reintegrate the test pc.

No, not unless you want to destroy your production domain. Do all your testing away from the production domain.

>
> Won't I encounter a problem with user and machine SIDs?

No, because, provided you change all mention of the old workgroup/Netbios domain name (DOM.MONDOMAIN) with the new one, the SID will then point to the new Netbios domain name on the clone.

Rowland
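The LDAP step discussed in this message, as an added example that is not part of the thread: it rewrites the domain name in an LDIF export taken from the cloned PDC, confirms the SIDs are unchanged, and lists any remaining mentions of the old name. It assumes the Samba 3 ldapsam layout (`sambaDomainName` and `sambaSID` attributes); the base DN, SID values and function names are constructed for illustration.

```python
import re

# Constructed sample export (not from the thread); base DN and SID are
# placeholders. Assumes the ldapsam layout: sambaDomainName / sambaSID.
SAMPLE_LDIF = """\
dn: sambaDomainName=DOM.MON
 DOMAIN,dc=example,dc=test
objectClass: sambaDomain
sambaDomainName: DOM.MONDOMAIN
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: uid=alice,ou=People,dc=example,dc=test
objectClass: sambaSamAccount
uid: alice
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-1001
description: account in dom.mondomain
"""


def unfold(ldif):
    # LDIF wraps long lines; a continuation line starts with one space.
    return re.sub(r"\r?\n ", "", ldif)


def rename_domain(ldif, old, new):
    """Rewrite the domain name in sambaDomainName attributes and DNs only.
    Base64 ("::") values are not handled and are left untouched."""
    pat = re.compile(r"(sambaDomainName[=:]\s*)" + re.escape(old) + r"(?=$|,)",
                     re.I | re.M)
    return pat.sub(lambda m: m.group(1) + new, unfold(ldif))


def sid_values(ldif):
    # Every sambaSID in the export, so before/after can be compared.
    return sorted(re.findall(r"^sambaSID:\s*(\S+)", unfold(ldif), re.I | re.M))


def leftovers(ldif, old):
    # Lines that still mention the old name and need a manual decision.
    return [l for l in unfold(ldif).splitlines() if old.lower() in l.lower()]


if __name__ == "__main__":
    renamed = rename_domain(SAMPLE_LDIF, "DOM.MONDOMAIN", "NOMRUE205")
    assert sid_values(renamed) == sid_values(SAMPLE_LDIF)  # SIDs unchanged
    print(renamed)
    print("still mentions old name:", leftovers(renamed, "DOM.MONDOMAIN"))
```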
Philippe Maladjian
2022-Jun-01 09:01 UTC
[Samba] Migration 3.5 to 4.x, realm identical to domain
On Wednesday 01 June 2022 at 09:29 +0100, Rowland Penny via samba wrote:
> On Wed, 2022-06-01 at 08:59 +0200, Philippe Maladjian wrote:
> >
> > That's exactly what I do. I copied the VM from my samba 3.5 and
> > created a VM of a user station, all placed in a dedicated network
> > that does not communicate with the prod network. After adding the
> > VM pc to the domain at 3.5 test, I make several
> > connection/disconnection attempts to make sure that the rights
> > management works correctly.
> >
> > To perform the migration by changing the domain name I should
> > follow this procedure:
> > - take the test pc out of the domain;
>
> If by 'pc' you mean the Samba PDC, then yes, but I would 'clone' it
> and then place this on a separate subnet that isn't connected to your
> production network.

No, 'pc' is a Windows user station that I cloned by a p2v to my test network.

>
> > - stop samba;
> > - change the workgroup name in smb.conf;
>
> You will also need to change the dns domain
>
> > - modify LDAP data by replacing the old domain (dom.mondomain) with
> > the new one (nomrue205);
> > - restart samba;
> > - reintegrate the test pc.
>
> No, not unless you want to destroy your production domain. Do all
> your testing away from the production domain.

It was of course on my test network that I was going to do this. I don't do anything on the production part.

>
> >
> > Won't I encounter a problem with user and machine SIDs?
>
> No, because, provided you change all mention of the old
> workgroup/Netbios domain name (DOM.MONDOMAIN) with the new one, the
> SID will then point to the new Netbios domain name on the clone.

Ok, I will test this procedure on my test network.

>
> Rowland
>

Philippe.
Rowland Penny
2022-Jun-01 09:08 UTC
[Samba] Migration 3.5 to 4.x, realm identical to domain
On Wed, 2022-06-01 at 11:01 +0200, Philippe Maladjian wrote:
> On Wednesday 01 June 2022 at 09:29 +0100, Rowland Penny via samba
> wrote:
> > On Wed, 2022-06-01 at 08:59 +0200, Philippe Maladjian wrote:
> > > That's exactly what I do. I copied the VM from my samba 3.5 and
> > > created a VM of a user station, all placed in a dedicated network
> > > that does not communicate with the prod network. After adding the
> > > VM pc to the domain at 3.5 test, I make several
> > > connection/disconnection attempts to make sure that the rights
> > > management works correctly.
> > >
> > > To perform the migration by changing the domain name I should
> > > follow this procedure:
> > > - take the test pc out of the domain;
> >
> > If by 'pc' you mean the Samba PDC, then yes, but I would 'clone' it
> > and then place this on a separate subnet that isn't connected to your
> > production network.
>
> No 'pc' is a Windows user station that I cloned by a p2v to my test
> network.

You need to clone your Samba PDC, this is what holds your users & groups in ldap.

Rowland