Re: [Samba] migrating windows 2003 to samba4
- Date: Fri, 21 Jul 2017 15:32:31 +1200
- From: Andrew Bartlett via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] migrating windows 2003 to samba4
On Fri, 2017-07-21 at 00:10 -0300, Guido Lorenzutti wrote:
> On Fri, 21 Jul 2017 13:38:07 +1200, Andrew Bartlett via samba wrote:
> > On Thu, 2017-07-20 at 19:29 -0300, Guido Lorenzutti via samba wrote:
> > > Hi there people! I been playing a bit with samba4 and I feel ready to move a small domain I have from Windows2003 to samba4. But I did not find a how to. I only have 10 users and 10 workstations, static ips, and only filesharing. It should be easy. Could someone point me to the right direction?
> > https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
> > That should all just work. If you can, try using the microsoft tools
> > (adprep) to prepare the schema for 2008r2 first so you have the same
> > schema as a new install.
> > https://technet.microsoft.com/en-us/library/dd378876(v=ws.10).aspx
> > (We expect to have schema upgrade tools on the Samba side in 4.8, but
> > we can't currently do this automatically).
> > Thanks,
> > Andrew Bartlett
> > -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
> Just to add a few points, the link so far helps.
> But the kinit administrator had a problem:
> root@dc:/etc/samba# kinit administrator
> Password for administrator@TRUST.LOCAL:
> kinit: KDC has no support for encryption type while getting initial credentials
> I fix it with:
> root@dc:/etc/samba# cat /etc/krb5.conf
> dns_lookup_realm = false
> dns_lookup_kdc = true
> default_realm = TRUST.LOCAL
> default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
> default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
> Then everything else works.
You don't need the DES types, but you likely do need the arcfour-hmac-
md5 until you upgrade the domain functional level and reset the
passwords, including of the krbtgt key (so they get modern hashes).
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
To unsubscribe from this list go to the following URL and read the