[Samba] trying to set trust throws error

itdept_head itdept_head at grown-up.com
Fri Feb 10 03:02:00 UTC 2023




On 09/02/2023 09:20, itdept_head via samba wrote:
> 
> Very probably, when you 'rename' something, you just rename the names
> (and then not all of them), so your newly renamed domain will probably
> have the same domain SID as the old one.
> 
> 
> Rowland
> 
> 
> OK, so why does this not work... or any combination.


Probably because the tools you are using were written to be used against 
non-AD domains.


The SID is what identifies the domain, but (and I have never renamed a 
domain) I am sure that when you renamed the domain, the SID was not 
changed, you didn't create a new domain, you just changed its name. If 
you do somehow manage to change the domain SID, then you will have a 
totally new domain and will probably have to rejoin all the clients.


If your NAS was joined to the old domain name, it is possible that just 
changing its domain name will be all you need to do. If the domain rename 
worked correctly, then the NAS records in AD should have changed as 
well. Have you created a new DNS forward zone in AD?


Rowland

These tools are ONLY being used against Samba domains... there is no Windows "AD" anyplace in this equation.
The Samba's been running for several years (& updated).

I've already written some scripts to go through & clean up other items in the LDAP, so figuring it out is really the only challenge.

The NAS is a Synology business grade & the way it works is to pull all the users via a Samba "bond"; it has a complete set of all the users & the damned domains
in the NAS, which it re-reads every hour, and these are then mapped into the file access tables (you can even log into it using the old domain, with the AD off).
Which means the only real way to gain access for a changeover is to set up a "trust" between the old domain & new renamed domain to access the NAS.


I tried doing a trust from the renamed domain into the NAS directly, but it was not having it... it looks like Synology have deliberately nobbled the Samba functionality,
so clearly the only way forward is renamed -> old domain -> NAS.




