
[Samba] Convert Member Server to DC




I have some hardware running CentOS 7 and Sernet Samba 4.7 that started out as a member server that I would like to make into a 2nd DC. However, I am having trouble converting it because it seems I am not removing all the remnants of the client setup. What I thought I would have to do is this:

1.) net ads leave -U administrator
2.) Remove the machine entry on the 1st DC
3.) mv /var/lib/samba /var/lib/samba-client
4.) mv /etc/krb5.keytab /etc/krb5.keytab-client
5.) samba-tool domain join 2nd DC

I am having problems right off the start in that item 1.) throws this message:
> net ads leave -U 'MYDC\administrator'
Enter MYDC\administrator's password:
Disabled account for 'MACHINE' in realm '(null)'

I thought this command would remove the machine account from the 1st DC, but it does not seem to do that, hence item 2. Is it good enough to just remove the machine account via ldbedit? The last part "in realm '(null)'" bothers me, as it seems the realm should not be null. On the other hand, I can re-join as a client with no issues.

> net ads join -U 'MYDC\administrator'
Enter MYDC\administrator's password:
Using short domain name -- MYDC
Joined 'MACHINE' to dns domain 'mydc.mydom.com'

Steps 3 and 4 are there for backup in case I want to go back to having the machine as a client. And 5 would be to join the machine as a 2nd DC... obviously I would follow all the wiki instructions at step 5. Is there anything else I have to do to convert?

--
Paul (ganci@xxxxxxxxxx)
Cell: (303)257-5208
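
Added example, not part of the post above and not Samba project code: steps 3 and 4 as shell functions that refuse to run when a "-client" backup already exists, because `mv` onto an existing directory nests the old state inside it instead of renaming it. The function names and the ROOT prefix argument are assumptions, there so the functions can be tried on a scratch tree first.

```shell
#!/bin/sh
# Steps 3 and 4 of the post, made safe to re-run.
# ROOT (first argument) is a hypothetical path prefix; empty means the live system.
# Paths and the "-client" suffix are the ones used in the post.

# Print each member-server state path from the post that still exists.
member_state_left() {
    root="${1:-}"
    for p in /var/lib/samba /etc/krb5.keytab; do
        if [ -e "${root}${p}" ]; then
            echo "$p"
        fi
    done
    return 0
}

# Move the member-server state aside. Nothing is moved unless every
# backup target is free, so a failed run leaves the tree unchanged.
stash_member_state() {
    root="${1:-}"
    for p in /var/lib/samba /etc/krb5.keytab; do
        if [ -e "${root}${p}-client" ]; then
            echo "refusing: ${root}${p}-client already exists" >&2
            return 1
        fi
    done
    for p in /var/lib/samba /etc/krb5.keytab; do
        [ -e "${root}${p}" ] || continue
        mv -- "${root}${p}" "${root}${p}-client" || return 1
    done
    # Succeed only if none of the old state is left in place.
    [ -z "$(member_state_left "$root")" ]
}

# Usage on the live system (as root, with Samba stopped):
#   stash_member_state "" && echo "old member state moved aside"
```
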
