Web lists-archives.com

Re: [Samba] migrating windows 2003 to samba4




On Fri, 2017-07-21 at 00:10 -0300, Guido Lorenzutti wrote:
> On Fri, 21 Jul 2017 13:38:07 +1200, Andrew Bartlett via samba wrote:
> > On Thu, 2017-07-20 at 19:29 -0300, Guido Lorenzutti via samba wrote:
> > > Hi there people! I been playing a bit with samba4 and I feel ready to move a small domain I have from Windows2003 to samba4. But I did not find a how to. I only have 10 users and 10 workstations, static ips, and only filesharing. It should be easy. Could someone point me to the right direction?
> > 
> > https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
> > 
> > That should all just work.  If you can, try using the microsoft tools
> > (adprep) to prepare the schema for 2008r2 first so you have the same
> > schema as a new install. 
> > 
> > https://technet.microsoft.com/en-us/library/dd378876(v=ws.10).aspx
> > 
> > (We expect to have schema upgrade tools on the Samba side in 4.8, but
> > we can't currently do this automatically). 
> > 
> > Thanks,
> > 
> > Andrew Bartlett
> > 
> > -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba 
> 
>  
> Just to add a few points, the link so far helps.
> But the kinit administrator had a problem:
> root@dc:/etc/samba# kinit administrator
> Password for administrator@TRUST.LOCAL: 
> kinit: KDC has no support for encryption type while getting initial credentials
>  
> I fix it with:
>  
> root@dc:/etc/samba# cat /etc/krb5.conf 
> [libdefaults]
> 	dns_lookup_realm = false
> 	dns_lookup_kdc = true
> 	default_realm = TRUST.LOCAL
> 	default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
> 	default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
>  
> Then everything else works.

You don't need the DES types, but you likely do need the arcfour-hmac-
md5 until you upgrade the domain functional level and reset the
passwords, including of the krbtgt key (so they get modern hashes).

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba