Web lists-archives.com

Re: [Samba] AD member server, some users suddenly can only connect to shares via ip address




On Fri, 26 Apr 2019 09:59:26 +0200
Neil Price via samba <samba@xxxxxxxxxxxxxxx> wrote:

> On 2019/04/25 16:24, Rowland Penny via samba wrote:
> (.. lots of helpful stuff)
> 
> Thanks for advice on smb.conf..
> 
> Today people who could not access it yesterday can, and some people
> who could access it can't and even one who cannot access it via the
> ip address, so you know what I'll be doing this weekend.
> 
> > You said above that 'gibb.local' is a trusted domain that was used
> > for migration. Two questions about this, is 'gibb.local' the
> > workgroup name, if so, why does it have a dot in it ? Secondly, you
> > mentioned 'migrate', do you mean you migrated 'gibb.local' (a PDC
> > domain) to the 'GIBB' AD domain ? if so, you should immediately
> > turn off 'gibb.local', it will have the same SID as 'GIBB'
> > If this isn't the case, can you explain further what you mean by
> > 'migrate' ?  
> 
> I did not use the samba migration tools so the SIDs are different. I 
> used the trust because we could migrate people and machines at
> leisure and without downtime. It has not caused problems (but will be
> removed shortly). We did try the  migration tools but it puked on our
> ldap.

OK, understood, my fear was that you had run 'classicupgrade' and
basically cloned all your PDC info into your new AD DC. This would have
included the SID and it is the SID that identifies the domain, two
domains with one SID wouldn't be a good idea ;-)

I do however feel that somehow the trusted domain is causing this,
going away to think about it .

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba