Re: [Samba] Windows client still tries to connect to old AD after replacement




See inline comments:

On Mon, 4 Feb 2019 18:32:49 +0000
Piers Kittel via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Thanks Rowland,
> 
> OK, sorry about this...
> 
> Note that the "Old AD" has some errors in its config files, but 
> everything sort of works so I'm not going to fix those errors - my 
> concern is obviously just the "New AD".  I've not set up printing in
> the new AD yet as it doesn't work in the old one anyway, and that's a 
> discussion in a future thread.  Note "domain" is a replacement for
> the actual domain name.  Nothing is internet facing, and shouldn't be
> apart from DNS (well, I hope!).
> 
> ---------------------------------------------------------------------
> Old AD
> 
> Name - ad.domain.intranet
> IP - 192.168.0.17
> Operating System: Debian GNU/Linux 9 (stretch)
> Kernel: Linux 4.9.0-8-amd64
> Samba version: 4.5.12-Debian
> 
> /etc/hostname:
> ad
> 
> /etc/hosts:
> 127.0.0.1       localhost
> 192.168.0.17    ad.domain.intranet ad
> 192.168.0.21    domain-ad.domain.intranet     domain-ad

Remove the line above, this is the old AD domain and shouldn't have
anything pointing to the new one.

> 
> /etc/resolv.conf:
> domain Hitronhub.home
> search Hitronhub.home
> nameserver 192.168.0.1

This is a DC, it should be pointing to itself as a nameserver.


> 
> /etc/samba/smb.conf
> # Global parameters
> [global]
>          netbios name = AD
>          realm = DOMAIN.INTRANET
>          workgroup = DOMAIN

What did you say about workgroups?
I do hope that 'DOMAIN' in the above line isn't the same as on the new
AD DC.

>          dns forwarder = 192.168.0.1
>          server role = active directory domain controller
>          rpc_server:spoolss = external
>          rpc_daemon:spoolssd = fork
>          printing = CUPS
>          spoolss: architecture = Windows x64
> 
> ---------------------------------------------------------------------
> New AD
> 
> Name - domain-ad.domain.intranet
> IP - 192.168.0.11
> Operating System: Debian GNU/Linux 9 (stretch)
> Kernel: Linux 4.9.0-8-amd64
> Samba version: 4.5.12-Debian
> 
> /etc/hostname:
> domain-ad
> 
> /etc/hosts:
> 127.0.0.1       localhost
> 192.168.0.11    domain-ad.domain.intranet     domain-ad
> 
> # The following lines are desirable for IPv6 capable hosts
> 
> /etc/resolv.conf
> 
> domain domain.intranet
> search domain-ad.domain.intranet
> nameserver 192.168.0.11

Hmm, that looks like you are trying to search the DC hostname instead
of the DNS domain name, remove 'domain-ad' from the search line.
This does of course raise another problem, even though you claim you
have set up a new domain, you haven't. Both your DCs use the same IP
range, DNS domain and, presumably, the same workgroup name.


> 
> /etc/samba/smb.conf
> # Global parameters
> [global]
>          netbios name = DOMAIN-AD
>          realm = DOMAIN.INTRANET
>          workgroup = DOMAIN
>          dns forwarder = 192.168.0.1
>          server role = active directory domain controller
>          vfs objects = acl_xattr
>          map acl inherit = yes
>          store dos attributes = yes
> [netlogon]
>          path = /var/lib/samba/sysvol/domain.intranet/scripts
>          read only = No
> [sysvol]
>          path = /var/lib/samba/sysvol
>          read only = No
> [Profiles]
>          path = /home/samba/Profiles
>          read only = no
>          veto files = /*sync*/
> [users]
>          path = /home/samba/users
>          read only = no
> 
> ---------------------------------------------------------------------
>  > I see that they are both subdomains of the 'domain.intranet' dns
>  > domain, but have you used a new workgroup name for the new AD
>  > domain ?
> 
> Wasn't aware workgroups were used?  The workgroup is blanked out in
> the "Computer Name\Domain Changes" box?

It might be, but they are still used.

Rowland
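
The checks raised in the reply above, as an added example that is not part of the original message or of Samba: a small Python audit of a DC's `/etc/hosts`, `/etc/resolv.conf` and `smb.conf`. The function names are hypothetical, the DNS domain is assumed to be the lower-cased realm, and the sample input is re-typed from the values quoted in the thread.

```python
import re

def smb_globals(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    section, params = None, {}
    for line in (l.strip() for l in text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def rows(text):
    """Split a hosts/resolv.conf style file into fields, dropping comments."""
    return [r for r in (l.split("#")[0].split() for l in text.splitlines()) if r]

def audit_dc(ip, hosts, resolv, smb):
    """Check one DC's files against the points raised in the reply above."""
    realm = smb_globals(smb).get("realm", "").lower()  # assumed DNS domain
    conf = rows(resolv)
    servers = [r[1] for r in conf if r[0] == "nameserver" and len(r) > 1]
    search = [d.lower() for r in conf if r[0] == "search" for d in r[1:]]
    findings = []
    if not servers or servers[0] not in (ip, "127.0.0.1"):
        findings.append("resolv.conf: nameserver is not this DC")
    if search != [realm]:
        findings.append("resolv.conf: search is not the DNS domain")
    findings += ["hosts: entry for another machine: " + r[0] for r in rows(hosts)
                 if r[0] not in (ip, "::1") and not r[0].startswith("127.")]
    return findings

def same_domain(smb_a, smb_b):
    """True when two DCs use the same realm and the same workgroup."""
    a, b = smb_globals(smb_a), smb_globals(smb_b)
    return all(a.get(k) and a.get(k, "").upper() == b.get(k, "").upper()
               for k in ("realm", "workgroup"))

# Constructed sample input, re-typed from the values quoted in the thread.
SMB = "[global]\n realm = DOMAIN.INTRANET\n workgroup = DOMAIN\n"
OLD = ("192.168.0.17", "127.0.0.1 localhost\n192.168.0.17 ad.domain.intranet ad\n"
       "192.168.0.21 domain-ad.domain.intranet domain-ad\n",
       "search Hitronhub.home\nnameserver 192.168.0.1\n", SMB)
NEW = ("192.168.0.11", "192.168.0.11 domain-ad.domain.intranet domain-ad\n",
       "search domain-ad.domain.intranet\nnameserver 192.168.0.11\n", SMB)

if __name__ == "__main__":
    print(audit_dc(*OLD), audit_dc(*NEW), same_domain(OLD[3], NEW[3]), sep="\n")
```
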
