Quick update on the actual issue: after removing just all the DNS entries associated with the dead DC, and restarting Windows clients and also Samba processes on the file server, my domain appears to be stable for roughly 18h now (=no logon or share/file access issues).


On 06.06.2018 21:54, lingpanda101 wrote:
On 6/6/2018 11:02 AM, Ole Traupe via samba wrote:

On 06.06.2018 16:02, Rowland Penny via samba wrote:

I seem to remember having read here on the list, that it is no good
idea to mix samba versions in a domain. If there is sound advice to
do it anyways, I would be up for trying it. However, as I have
written above, I messed up the uid/gid ranges. To my understanding,
later versions of Samba (like 4.5) _require_ the ranges to comply to
the defaults as denoted by the wiki.
There is nothing to stop you using different versions on DCs and you
can do the same with Unix domain members, unless you are using the 'ad'
backend  and are NOT using Domain Users as the users Unix primary group.
It is however, best practise to use the same major version, just to get
similar capabilities on all machines.

So in theory, if I hadn't messed up my id map ranges (domain groups start with 2000), and if I hadn't begun removing stuff manually, and if I wouldn't use Domain Users as primary group, I could have joined an up-to-date DC and used the new script for demoting the dead one.

I am not trying to sound sarcastic. I am trying to understand, and see whether perhaps there is still hope for such a maneuver.



    Yes. However can you point me to the patch notes where you indicate you are unable to upgrade? I don't see why you still can't join a new machine if you cleanup the current DC. I assume reading the patch notes would clarify this for me.


