[Samba] Fwd: removing windows 2003 from samba4&In-Reply-To=<4DEDC91A.3080706 at samba.org>

Matthieu Patou mat at samba.org
Sun Jun 19 05:35:20 MDT 2011


On 19/06/2011 01:33, Alan Morais wrote:
> 2011/6/18 Matthieu Patou<mat at samba.org>
>
>> Better try this:
>> ./bin/samba-tool fsmo show --url=ldap://127.0.0.1 -U administrator
>>
>> Nice :-)
> root at samba4lab:~# /usr/local/samba/bin/samba-tool fsmo show --url=ldap://
> 127.0.0.1 -U administrator
> Password for [SAMBA4\administrator]:
> InfrastructureMasterRole owner: CN=NTDS
> Settings,CN=SAMBA4LAB,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba4,DC=casa
> RidAllocationMasterRole owner: CN=NTDS
> Settings,CN=SAMBA4LAB,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba4,DC=casa
> PdcEmulationMasterRole owner: CN=NTDS
> Settings,CN=SAMBA4LAB,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba4,DC=casa
> DomainNamingMasterRole owner: CN=NTDS
> Settings,CN=SAMBA4LAB,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba4,DC=casa
> SchemaMasterRole owner: CN=NTDS
> Settings,CN=SAMBA4LAB,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba4,DC=casa
So all roles have transferred to your samba DC
>
>> You say windows 2003 is it 2003 or 2003r2 ? We mostly test Windows 2003r2,
>> Windows 2008 and Windows 2008r2. So we might have some corner cases still
>> with Windows 2003 (we had last year with samba joining a Windows 2003 DC
>> domain).
>>
>> Once I have your answer I'll try to setup a domain join samba, seize roles
>> and try to dcpromo /remove on Windows. It might not be the best idea when
>> the other DCs is saying that it wants to leave the domain to try to keep it
>> informed about changes ...
>>
>> If you are in hurry and you transferred all the roles to samba you can
>> safely remove the DC by removing the entry in Domain controllers + the
>> Server entries in the Configuration naming context, but there isn't much
>> interests do it as it will still leave some attributes. This issue should be
>> solved soon as we have a couple of patchs waiting in the queue for this but
>> for the moment they are not there ...
>>
>> Matthieu
>
> I'm using win 2003, so R2 is more recommended to work with Samba4? ( makes
> sense, compatibility issues, even M$ products have this :P )
It's not recommended it's just that we mostly use this version and 
Windows 2008R2 really so most of the tests and some real life usage are 
done with those version. It didn't means that we won't support others 
but they are more likely to have bugs, knowing also your exact version 
of windows helps us to reproduce.

> i will setup a 2003r2 Box to continue running tests( another DC), and wait
> for those patchs ( no hurry for that )
Note that if it's a test environment you can send us traces, see 
https://wiki.samba.org/index.php/Capture_Packets.
With this trace and an extract of your domain keytabs we can do great 
things.

Be sure not to have any sensitive information in the test domains (ie. 
no real production data that you would like to see on internet and no 
real production passwords).
If it is so (so no sensitive information) then please export your keytab 
like this:
samba-tool export keytab my.keytab.

Domain keytab will be stored in the file my.keytab.

Matthieu


-- 
Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary




More information about the samba-technical mailing list