Rename domain during classicupgrade step?

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Rename domain during classicupgrade step?

Samba - General mailing list
I can see in the docs that a domain rename is not recommended/supported
by Samba for an already provisioned domain. However, what I can't work
out is if this is not possible during the classicupgrade step either?
Does this make any difference, or would it present the same difficulties
as renaming an already provisioned Samba AD?

It case what I'm asking is not quite clear - I have a Samba NT style
domain - and I would like to change its name when I use classicupgrade
to migrate it to an AD style domain. Can this be done?

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Rename domain during classicupgrade step?

Samba - General mailing list
Hi Sebastian,

Am 11.05.2017 um 19:39 schrieb Sebastian Arcus via samba:
> I can see in the docs that a domain rename is not recommended/supported
> by Samba for an already provisioned domain. However, what I can't work
> out is if this is not possible during the classicupgrade step either?


Theoretically it should be possible to change the NetBIOS domain name
during the migration. In the background, Samba/Windows uses SIDs and not
names.

Try the following in a test environment:
* Set the new NetBIOS domain name in smb.conf ("workgroup" parameter).
* Run the migration
 
https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)

Verify that the domain members in your test environment, that were part
of the domain before you run the migration, still work correctly
afterwards.

Please let us know if this worked.


Regards,
Marc

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Rename domain during classicupgrade step?

Samba - General mailing list

On 12/05/17 09:10, Marc Muehlfeld wrote:

> Hi Sebastian,
>
> Am 11.05.2017 um 19:39 schrieb Sebastian Arcus via samba:
>> I can see in the docs that a domain rename is not
>> recommended/supported by Samba for an already provisioned domain.
>> However, what I can't work out is if this is not possible during the
>> classicupgrade step either?
>
>
> Theoretically it should be possible to change the NetBIOS domain name
> during the migration. In the background, Samba/Windows uses SIDs and not
> names.
>
> Try the following in a test environment:
> * Set the new NetBIOS domain name in smb.conf ("workgroup" parameter).
> * Run the migration
>
> https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)
>
>
> Verify that the domain members in your test environment, that were part
> of the domain before you run the migration, still work correctly
> afterwards.
>
> Please let us know if this worked.

With some delay, I finally got around to trying this. It appears that
things have worked out fine, as per your instructions above. The
migrated server has been running for 5 days now on a live setup of an AD
DC and 10 workstations - and everything appears ok. So I guess the
answer is that, indeed, it is possible to change the domain name during
the classicupgrade. Thank you for the pointers.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Rename domain during classicupgrade step?

Samba - General mailing list
On 30/05/17 11:48, Sebastian Arcus via samba wrote:

>
> On 12/05/17 09:10, Marc Muehlfeld wrote:
>> Hi Sebastian,
>>
>> Am 11.05.2017 um 19:39 schrieb Sebastian Arcus via samba:
>>> I can see in the docs that a domain rename is not
>>> recommended/supported by Samba for an already provisioned domain.
>>> However, what I can't work out is if this is not possible during the
>>> classicupgrade step either?
>>
>>
>> Theoretically it should be possible to change the NetBIOS domain name
>> during the migration. In the background, Samba/Windows uses SIDs and
>> not names.
>>
>> Try the following in a test environment:
>> * Set the new NetBIOS domain name in smb.conf ("workgroup" parameter).
>> * Run the migration
>>
>> https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)
>>
>>
>> Verify that the domain members in your test environment, that were
>> part of the domain before you run the migration, still work correctly
>> afterwards.
>>
>> Please let us know if this worked.
>
> With some delay, I finally got around to trying this. It appears that
> things have worked out fine, as per your instructions above. The
> migrated server has been running for 5 days now on a live setup of an AD
> DC and 10 workstations - and everything appears ok. So I guess the
> answer is that, indeed, it is possible to change the domain name during
> the classicupgrade. Thank you for the pointers.

I'm afraid I have to amend my earlier conclusion. In the time it has
passed, I discovered that some machines have migrated to the new domain,
while others haven't. It is odd, but it seems the machines which were on
during the migration from NT to AD are the ones which have migrated
correctly - but I could be wrong about this. The other machines are
still on the old domain name. What threw me off was the fact that users
could still login and access the shares in the new domain - but actually
they were logging in with cached credentials.

The other strange thing is that if I go on the Windows clients and
change the domain to the new name, it accepts the change and displays
"Wecome to the new_domain_name" - without prompting for administrator
credentials.

I'll keep an eye on things and see if I can understand further what
happened.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Rename domain during classicupgrade step?

Samba - General mailing list
In reply to this post by Samba - General mailing list
On 12/05/17 09:10, Marc Muehlfeld wrote:

> Hi Sebastian,
>
> Am 11.05.2017 um 19:39 schrieb Sebastian Arcus via samba:
>> I can see in the docs that a domain rename is not
>> recommended/supported by Samba for an already provisioned domain.
>> However, what I can't work out is if this is not possible during the
>> classicupgrade step either?
>
>
> Theoretically it should be possible to change the NetBIOS domain name
> during the migration. In the background, Samba/Windows uses SIDs and not
> names.
>
> Try the following in a test environment:
> * Set the new NetBIOS domain name in smb.conf ("workgroup" parameter).
> * Run the migration
>
> https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)
>
>
> Verify that the domain members in your test environment, that were part
> of the domain before you run the migration, still work correctly
> afterwards.
>
> Please let us know if this worked.

Another update to this. The machines which I've rejoined after the
classicupgrade step, by going into Advanced System Settings and just
typing the new domain name - which gets accepted without an admin prompt
- are not working as they should. What seems to have happened is on
them, the mapping between the domain admin group and the local admin
group doesn't work. So although I am signed in as a domain admin, I get
elevation prompts, and my credentials as domain admin are quietly
refused. Either the prompt simply goes away, but the requested action
doesn't happen, or I get a "This action requires elevation" dialog.
After I fully unjoin and rejoin the machine to the domain - everything
works fine. So in conclusion, changing the domain name during the
classicupgrade step, although possible. pretty much requires unjoining
and rejoining every machine to the domain.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba