[Samba] Create Domain Trust Help Samba-4.3.2
rpenny at samba.org
Mon Dec 14 16:25:52 UTC 2015
OOPs, I really must get a new pair of glasses, I totally missed this lot
in the mess that appeared in my email client :-D
On 14/12/15 15:36, Bob Thomas wrote:
> Thank You for the quick response. I am not sure how to post added info
> or answers here, I tried twice posting a reply at
> http://www.eenyhelp.com Friday on the subject and verified it. I got
> the notice that the update would be posted in about a hour but --
> nothing. I tried again this morning and still nothing. It that the
> correct place to post updates?
Just reply to the sambalist, it will do the rest.
> As for my Issue,
> You are correct, I am trying to create a new AD domain and then set up
> trusts between your old NT4 domain and your new AD domain.
> I have looked into the classic-upgrade but not sure it will work for
> me because my old domain is a MS NT4 domain not Samba. Not to
> mention, the accounts have been neglected for years and I really don't
> want to transfer the mess into AD.
OK, I understand it better now, you want to lose the NT domain and move
Not sure if I would do it the way you are trying, how many computers and
> As for my smb.conf, my mistake - I posted the output of testparm and
> not the actual config which is below, If you have any recommended
> changes please advise:
> workgroup = CY
> realm = CY.ABC.BIZ
> netbios name = SDC
> server role = active directory domain controller
> server services = dns, s3fs, rpc, nbt, wrepl, ldap, cldap,
> kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> idmap_ldb:use rfc2307 = yes
> allow dns updates = nonsecure
> dns forwarder = 10.157.1.178
> security = user
> kccsrv:samba_kcc = false
> wins support = true
> idmap config *:backend = tdb
> idmap config *:range = 5000-9999
> idmap config CY:backend = ad
> idmap config CY:schema_mode = rfc2307
> idmap config CY:range = 10000-29999
> # Use home directory and shell information from AD
> winbind nss info = rfc2307
> path = /var/lib/samba/sysvol/cy.abc.biz/scripts
> read only = No
> path = /var/lib/samba/sysvol
> read only = No
Yes, as I said before, put it back to what it was before you started
adding things to it.
> As for the test environment, I have been testing for over two months
> with the Ubuntu repository Samba version 4.1.6, but just recently
> upgraded to 4.3.2 hoping I could get the trust relationship working.
> The MS NT4 domain is our production domain and not sure I could
> duplicate it in a test environment. So I would like to gradually move
> Samba into production - Using the domain trust so I can test things as
> they are moved over.
I would setup a new domain, extract your users & groups etc from your
old domain, remove anything you no longer require and then create them
in your new domain. Then start adding your computers to the new domain a
few at a time.
> So back to my original question, Is it possible to create the trust
> between Samba-AD 4.1.6 and a MS NT4 domain. If so how?
See my earlier incorrect post.
More information about the samba