Re: [Samba] workgroup versus domain name

On Fri, 27 Apr 2018 17:29:01 +0200
Klaus Hartnegg via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Am 26.04.2018 um 19:39 schrieb Rowland Penny via samba:
> > 'workgroup' is another way
> > of saying 'netbios domain name', so 'workgroup\user' means exactly
> > the same as 'domain\user'
> According to "man smb.conf" workgroup is not the same as netbios name.

Cannot argue with that, except that 'netbios name' != 'netbios domain
name' ;-)

> > When you provision a domain, it will set the netbios domain name to
> > the left hand part of the dns domain/realm
> But classicupgrade behaves differently:
> It copies workgroup from smb.pdc.conf, and sets netbios name to the 
> hostname ("dc1").

What else would you want it to use ? By the very act of running the
'classicupgrade' you are trying to create an AD version of your old
NT4-style domain, this means using the same workgroup name and SID as
the old domain and using the short hostname of the computer you are
running the update on.

> Neither of which is (in my case) part of the realm 
> (ad.COMPANY.com). I end up with three different names for the same 
> "thing": Users log on as WORKGROUP\user, shares have names 
> \\HOSTNAME\share, and RSAT shows everything inside ad.COMPANY.com.

No you don't ;-)
'WORKGROUP' is the workgroup or netbios domain name.
'HOSTNAME' is the short hostname of the computer holding the share.
'AD.COMPANY.COM' is the realm name

> On a Windows server with DFS the domain can be used for everything: 
> users are domain\user, shares are \\domain\share. Much simpler.

Users are actually 'DOMAIN\user' and I usually have to use

> Coming from Windows I'm confused that a Samba AD-DC has both domain
> and workgroup. Windows Clients have either workgroup or domain.
> Windows DCs have only domain.
> The reason for the difference between provision and classicupgrade
> might be in the examples on the wiki pages: the provisioning example
> contains the option --domain=ad, the classicupgrade example does not.
> This is probably useful when upgrading from a PDC, but it surprised
> me that workgroup can be totally different from realm.

The workgroup is also different from realm on windows machines
> What would happen if I specify --domain=ad in the classicupgrade?
> Would users and computers find that "renamed" server?

You would get an 'unknown option' error, see 'samba-tool domain
classicupgrade --help'


