
Re: [Samba] Change Netbios name during classicupgrade?




On Tue, 17 Oct 2017 10:00:51 +0200
Sami Chibani via samba <samba@xxxxxxxxxxxxxxx> wrote:

> 
> 
> On 16/10/2017 18:18, Rowland Penny wrote:
> >
> > 'workgroup' is not the netbios name, it is the NetBIOS domain name.
> > The workgroup should also not have a dot in it, 'DOMAIN.LAN' looks
> > suspiciously like a dns and realm name.
> >
> Indeed I lacked precision; the purpose of the post was more "change
> NetBIOS domain name during classicupgrade".
> DOMAIN.LAN is the previous NetBIOS domain name (I know about the
> dots, but it was not set by me at the time), and that's precisely
> what I try to change during the classic upgrade, for a new name
> (without dot), like "NEWDOMAIN"
> 
> >
> > > [global]
> > > 
> > >      netbios name = SRV-AD
> >
> > Would 'srv-ad' be the hostname of the computer ?
> Yes, it would
> >
> > Let's start with you posting the [global] part of the smb.conf before
> > you did anything.
> Here's what the smb.conf looks like before I do anything (more
> complete this time):
> 
> [global]
> 
>      netbios name = AD
> 
>      workgroup = DOMAIN.LAN
> 
>      server string = Samba server domain.lan
> 
>      security = user
> 
>      passdb backend = ldapsam:"ldap://192.168.1.20/ ldap://192.168.1.21/";
> 
>      domain master = yes
>      domain logons = yes
>      admin users = "@Admin"
>      ldap suffix = dc=domain.lan, dc=local
>      ldap machine suffix = ou=hosts
>      ldap user suffix = ou=users
>      ldap group suffix = ou=groups
>      ldap admin dn = "uid=sysadmin,ou=sysuers,dc=domain.lan,dc=local"
>      obey pam restrictions = yes
>      encrypt passwords = yes
>      ldap password sync = yes
> 
>      logon path =
> 
>      ldapsam:trusted = yes
> 
>      wins support = yes
>      dns proxy = no
> 
> 
> >
> >
> > > If it can help, I noticed that winbind was not
> > > installed on the server;
> > > 
> > > #systemctl status winbind
> > > winbind.service
> > >           Loaded: error (Reason: No such file or directory)
> > >           Active: inactive (dead)
> > > 
> >
> > Looks like you have fallen for the 'Debian no longer installs winbind
> > when you install samba' feature. You need to install winbind
> > manually.
> >
> > Rowland
> >
> winbind was not installed on the old Samba 3 server (running
> OpenSUSE), and I just wonder if it matters to install it for the
> classicupgrade purpose, otherwise I'll just reinstall it on the new
> Samba 4 server
> 
> Also I was pointing out that it was certainly SID related because
> each time I change workgroup, it just renews the domain SID;
> 
> Before I change anything:
> # net getdomainsid
> SID for local machine AD is: S-1-5-21-673913221-4242741474-1014044216
> SID for domain DOMAIN.LAN is: S-1-5-21-1905493267-1041818301-753029000
> 
> After I change the workgroup:
> # net getdomainsid
> SID for local machine AD is: S-1-5-21-673913221-4242741474-1014044216
> SID for domain NEWDOMAIN is: S-1-5-21-574297740-925364648-4230334621
> 

Why, oh why, would anybody use 'dc=domain.lan, dc=local' instead of
'dc=domain, dc=lan' ???

This isn't really the problem though, the 'workgroup' didn't need to be
'DOMAIN.LAN' in the first place and if you change it, it becomes a new
domain and hence a new SID.

I 'think' you need to do the changes before doing the 'classicupgrade'.

I would do it step by step (in a test environment), first dump LDAP to
an ldif, change 'dc=domain.lan, dc=local' to something reasonable and
import the ldif into a new LDAP setup, make the required changes to
smb.conf without changing the workgroup and see what happens.

If this works, get the local and Domain SIDs with 'net getlocalsid' &
'net getdomainsid', change the workgroup in smb.conf, start Samba and
try resetting the SIDs with 'net setlocalsid LOCALSID' and 'net
setdomainsid DOMAINSID'

I have no idea if the above will work, I have never tried it ;-)
It does seem logical though and may be the only way you can do what
you require.

If you only have a few clients, it might be easier to set up the AD
domain from new.

Rowland
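
The check described in this thread, as an added example that is not part of the original messages: it compares 'net getdomainsid' output captured before and after a workgroup change and prints the 'net setlocalsid' / 'net setdomainsid' command the reply suggests for any SID that changed. The function names sid_of and report are hypothetical, and the sample input is the output quoted above.

```shell
#!/bin/sh
# Added example: detect a SID change from saved 'net getdomainsid' output.

# Constructed sample input: the two outputs quoted in this thread.
BEFORE='SID for local machine AD is: S-1-5-21-673913221-4242741474-1014044216
SID for domain DOMAIN.LAN is: S-1-5-21-1905493267-1041818301-753029000'
AFTER='SID for local machine AD is: S-1-5-21-673913221-4242741474-1014044216
SID for domain NEWDOMAIN is: S-1-5-21-574297740-925364648-4230334621'

# sid_of KIND TEXT: print the SID from the "SID for KIND ..." line, where
# KIND is "local machine" or "domain". Fails if the line is missing or the
# value is not of the form S-1-5-21-x-y-z.
sid_of() {
    sid=$(printf '%s\n' "$2" |
        sed -n "s/^SID for $1 .* is: \(S-1-5-21\(-[0-9][0-9]*\)\{3\}\)\$/\1/p")
    [ -n "$sid" ] || return 1
    printf '%s\n' "$sid"
}

# report BEFORE AFTER: return 0 if both SIDs are unchanged, 1 if either
# changed (printing the restore command), 2 if the input cannot be parsed.
report() {
    rc=0
    old_local=$(sid_of "local machine" "$1") || return 2
    old_domain=$(sid_of "domain" "$1") || return 2
    new_local=$(sid_of "local machine" "$2") || return 2
    new_domain=$(sid_of "domain" "$2") || return 2
    if [ "$old_local" != "$new_local" ]; then
        echo "local SID changed; restore with: net setlocalsid $old_local"
        rc=1
    fi
    if [ "$old_domain" != "$new_domain" ]; then
        echo "domain SID changed; restore with: net setdomainsid $old_domain"
        rc=1
    fi
    return $rc
}

report "$BEFORE" "$AFTER" || true
```

On a live server, BEFORE and AFTER would be filled from `net getdomainsid` run before and after editing the workgroup in smb.conf.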
 

