
[Samba] Windows client still tries to connect to old AD after replacement




Thanks Rowland,

OK, sorry about this...

Note that the "Old AD" has some errors in its config files, but everything sort of works, so I'm not going to fix those errors - my concern is obviously just the "New AD".  I've not set up printing in the new AD yet as it doesn't work in the old one anyway, and that's a discussion in a future thread.  Note "domain" is a replacement for the actual domain name.  Nothing is internet facing, and shouldn't be apart from DNS (well, I hope!).

---------------------------------------------------------------------
Old AD

Name - ad.domain.intranet
IP - 192.168.0.17
Operating System: Debian GNU/Linux 9 (stretch)
Kernel: Linux 4.9.0-8-amd64
Samba version: 4.5.12-Debian

/etc/hostname:
ad

/etc/hosts:
127.0.0.1       localhost
192.168.0.17    ad.domain.intranet ad
192.168.0.21    domain-ad.domain.intranet     domain-ad

# The following lines are desirable for IPv6 capable hosts

::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

/etc/resolv.conf:
domain Hitronhub.home
search Hitronhub.home
nameserver 192.168.0.1

/etc/krb5.conf
[libdefaults]
        default_realm = DOMAIN.INTRANET
        dns_lookup_realm = false
        dns_lookup_kdc = true

/etc/samba/smb.conf
# Global parameters
[global]
        netbios name = AD
        realm = DOMAIN.INTRANET
        workgroup = DOMAIN
        dns forwarder = 192.168.0.1
        server role = active directory domain controller
        rpc_server:spoolss = external
        rpc_daemon:spoolssd = fork
        printing = CUPS
        spoolss: architecture = Windows x64

[netlogon]
        path = /var/lib/samba/sysvol/cfd.intranet/scripts
        read only = No
[sysvol]
        path = /var/lib/samba/sysvol
        read only = No
[Profiles]
        path = /home/samba/Profiles
        read only = no
        veto files = /*sync*/
[users]
        path = /home/samba/users
        read only = no
[printers]
        path = /var/spool/samba
        printable = yes
[print$]
        path = /srv/samba/printer_drivers/
        read only = no

---------------------------------------------------------------------
New AD

Name - domain-ad.domain.intranet
IP - 192.168.0.11
Operating System: Debian GNU/Linux 9 (stretch)
Kernel: Linux 4.9.0-8-amd64
Samba version: 4.5.12-Debian

/etc/hostname:
domain-ad

/etc/hosts:
127.0.0.1       localhost
192.168.0.11    domain-ad.domain.intranet     domain-ad

# The following lines are desirable for IPv6 capable hosts

::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

/etc/resolv.conf

domain domain.intranet
search domain-ad.domain.intranet
nameserver 192.168.0.11

/etc/krb5.conf
[libdefaults]
        default_realm = DOMAIN.INTRANET
        dns_lookup_realm = false
        dns_lookup_kdc = true

/etc/samba/smb.conf
# Global parameters
[global]
        netbios name = DOMAIN-AD
        realm = DOMAIN.INTRANET
        workgroup = DOMAIN
        dns forwarder = 192.168.0.1
        server role = active directory domain controller
        vfs objects = acl_xattr
        map acl inherit = yes
        store dos attributes = yes
[netlogon]
        path = /var/lib/samba/sysvol/domain.intranet/scripts
        read only = No
[sysvol]
        path = /var/lib/samba/sysvol
        read only = No
[Profiles]
        path = /home/samba/Profiles
        read only = no
        veto files = /*sync*/
[users]
        path = /home/samba/users
        read only = no

---------------------------------------------------------------------
> I see that they are both subdomains of the 'domain.intranet' dns
> domain, but have you used a new workgroup name for the new AD domain ?

Wasn't aware workgroups were used?  The workgroup is blanked out in the "Computer Name\Domain Changes" box?

> Have your clients left the old domain and joined the new domain ?

Yes - I just used one client - disconnected it from the old domain, joined the workgroup "WORKGROUP", changed the DNS settings as per the how-to page here:

https://wiki.samba.org/index.php/Windows_DNS_Configuration

so it points to 192.168.0.11.  Then I turned off the old server and rebooted the test client, connected it to the new AD server, and then followed the following how-to pages here to point them all to the new server:

https://wiki.samba.org/index.php/User_Home_Folders
https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles

but I get the issues I spoke about earlier.  I'm sure I'm missing something.  Many thanks again for your time!

With kind regards - Piers

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba