[Samba] Trust relationship fails after classicupgrade

Timo Altun olol13.samba at the-1337.org
Mon Apr 20 02:28:22 MDT 2015


Hey,

thanks Andrew, I doubt that was the problem though. In the end I couldn't
get the trust relationship to work and I'm going with Louis' suggestion now.

1. Changed the workgroup parameter in the old smb.conf from MAYWEG.NET to
MAYWEG.
2. Created the domain with the classicupgrade function with realm name
MAYWEG.NET, to have all the users and passwords from the old domain.
3. Set up the AD DC with BIND9 backend in the production network with the
old PDC and DNS Server still running.
4. Mapped the network drives for the users with old domain user accounts.
5. Change the DNS Server to AD DC and join the AD Domain from each machine.
User profiles luckily do not have to be copied, the old ones are used, as
they are not domain-specific. This only takes a minute per machine, much
less work than expected.

Next steps...once I've joined all the machines to the new domain, I'll move
the file servers and change the network drive mappings.

Thanks everybody for all the advice and this incredible mailing list! I'm
pretty sure I'll need it again, but for now I'm settled :)

Greetings,
Timo



On 15 April 2015 at 13:35, Andrey Repin <anrdaemon at yandex.ru> wrote:

> Greetings, Timo Altun!
>
> > Hey Louis,
>
> > thanks for the answer! That sounds like a viable route to go. Of course I'd
> > prefer doing the classicupgrade and having the trust relationship still
> > intact. It did work this way at some point during testing, that's why I
> > find it hard to accept that I have to circumvent the problem like this.
> > Did somebody else lose trust relationships after classicupgrade and found a
> > way to restore them? I didn't find much information on this on
> > Google...only advice is to rejoin the machines to the new domain...I know
> > that works.
>
> > Maybe I still have some errors or missing parameters in my configs on the
> > AD DC?
>
> You have a dot in Workgroup name.
>
> > As always, any hints where this problem might originate from are
> > highly appreciated!
>
> > Next I'll probably try to purge all samba from the AD DC and try again.
>
> > Greetings,
> > Timo
>
> > *smb.conf*
> > [global]
> > workgroup = MAYWEG.NET
> > realm = INTRANET.MAYWEG.NET
> > netbios name = SERVER06
> > server role = active directory domain controller
> > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
> > idmap_ldb:use rfc2307 = yes
>
> > [netlogon]
> > path = /var/lib/samba/sysvol/intranet.mayweg.net/scripts
> > read only = No
>
> > [sysvol]
> > path = /var/lib/samba/sysvol
> > read only = No
>
>
> --
> With best regards,
> Andrey Repin
> Wednesday, April 15, 2015 14:34:24
>
> Sorry for my terrible english...
>
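
A pre-flight check for the workgroup condition flagged in the quoted reply and changed in step 1 above, run against the old smb.conf before classicupgrade. This is an added example, not part of the original thread: the function names and the embedded sample are constructed here, and the 15-character limit is the general NetBIOS name limit, which the thread does not mention.

```python
import re

# Constructed sample: the [global] parameters quoted in the thread.
SAMPLE_CONF = """\
[global]
    workgroup = MAYWEG.NET
    realm = INTRANET.MAYWEG.NET
    netbios name = SERVER06
    server role = active directory domain controller
"""

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict.

    Parameter names are normalised the way Samba treats them:
    case-insensitive, with internal whitespace ignored.
    """
    params, section = {}, None
    # Join lines continued with a trailing backslash.
    text = re.sub(r"\\\r?\n", "", text)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def check_workgroup(text):
    """Return a list of findings about the workgroup; empty means clean."""
    wg = parse_global(text).get("workgroup", "")
    findings = []
    if not wg:
        findings.append("workgroup is not set")
    if "." in wg:
        findings.append(f"workgroup {wg!r} contains a dot")
    if len(wg) > 15:
        findings.append(f"workgroup {wg!r} is longer than 15 characters")
    return findings

if __name__ == "__main__":
    for finding in check_workgroup(SAMPLE_CONF):
        print("WARN:", finding)
```
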

