Hello, and sorry Rowland and everybody for the confusion. My fault: I
wrote PDC but I was meaning AD DC.
It was the only DC for the AD, and what I was trying to achieve is to
replace it with a new one as the only DC for the domain, and to connect to
the new one with both the new and the old server name.
Thanks for the suggestion. I've used the CNAME method, but I can't
connect
to the old server name from Windows clients, with the errors shown in my
previous message - essentially: "Failed to find
DC2$@SAMDOM.EXAMPLE.COM(kvno 1) in keytab FILE..." (DC2 is the new name,
while DC1 is ne old one).
I think that the issue could be due to a wrong/missing addition of the
servicePrincipalName, since the cname is working correctly, but the next
time I'll try with the method you suggested.
Antonio
On Thu, 6 Jul 2023, Rowland Penny via samba wrote:
>
>
> On 06/07/2023 16:16, Antonio Trogu via samba wrote:
>> Hello,
>>
>> I needed to replace an old Samba AD PDC with a new one, so I've
installed
>> the new one (Ubuntu 20.04 + Samba 4.15.13 from Ubuntu repository),
joined
>> it to the AD domain, demoted the primary, then removed it.
>
> I got totally confused the first time that I read the above, I had to read
it
> a few times before I fully understood it. The reason being, on first scan I
> thought that Antonio was trying to join an NT4-style PDC to an AD domain,
> which isn't the case. What he is trying to do is replace an AD DC that
> currently holds the PDC_Emulator FSMO role.
> There are no such terms as 'PDC' and 'primary' associated
with AD, all DC's
> are equal (apart from the FSMO roles and they can be on any DC)
>
> Sorry if that sounds like preaching, but it is just the way (along with a
lot
> of others) that I see it.
>
>> All steps have been done following the Samba official howtos:
>>
>>
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
>>
>> and
>>
>> https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC
>>
>> and every one after having tested the previous one's success.
>>
>> Afterwards, to avoid needing to change all DNS and printers settings on
the
>> clients, I've added the old PDC's IP and name to the new PDC.
Samba's DNS
>> is now correctly answering on both IPs, while share access from Windows
>> clients always fails for wrong credentials. From a linux client with
>> smbclient instead the shares are accessible.
>
> I hope that you are running more than one DC, if you are, I would have
> transferred all the FSMO roles to another DC, demoted the original DC,
> cleaned up its meta data in AD and then used the same name and ipaddress
for
> the new DC, joined it to the domain and then transferred the FSMO roles
back
> again.
>
> If you don't want to do that, you should use a CNAME.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
The information contained in this email message and/or attachments is strictly
confidential. Its use is exclusive to the intended recipient of the message for
the purpose reported in the message itself. The following constitutes a breach
to the principles provided for by the General Data Protection Regulation
2016/679: keeping the message beyond the necessary time, disclosing its
contents, either totally or partially, to third parties, copying or using it for
any purpose other than those stated in the message itself. We further inform you
that, at any time, you can ask for the suspension of the use of your data,
except for any communication provided for by law. Should you receive this
message in error, we kindly ask you to notify us immediately via e-mail and
delete it from your system.