[Samba] Samba on Debian 8; NT4 domain, win10

Stefan G. Weichinger lists at xunil.at
Wed Dec 14 17:53:04 UTC 2016


On 2016-12-14 at 12:25, Rowland Penny via samba wrote:

>> * kinit: Do I have to run that after every reboot of the PDC? I don't
>> plan to do that all the time but we have to *know* what to do in case.
>> In my tests I had the impression that this wasn't kept up by itself.
>
> No you don't and please stop calling it a PDC, your old domain
> controller was a PDC, your new one is just a DC. All AD DCs are equal
> except for the FSMO roles and these can be on any DC.

OK, understood, sorry ;-)

Regarding klist: after a boot there is no ticket listed with "klist".
Does that get created after a few minutes or ... ?

>> * we had to change the IP of the Test-PDC after classicupgrade, I then
>> noticed some loglines around samba_dnsupdate trying to contact the DNS
>> under the old IP. How can I fix that? Yesterday I reran classicupgrade
>> as we hadn't done any new work yet, but that is no solution for
>> production ;-)
>
> There is a wiki page for this:
> https://wiki.samba.org/index.php/Change_IP_address_of_an_Samba_AD_DC

thanks for the pointer.

>> * I have to move over the test-config to another VM then for
>> production, this also means changing the IP and maybe the
>> linux-hostname. Is that a problem, should that be avoided?
>
> Whilst I have never done this, changing the hostname should be fairly
> easy, do the classicupgrade on the machine that has the hostname you
> require and then change to the 'netbios name' in smb.conf to reflect
> the new hostname.

changing the name is nice to have, not explicitly needed here.
More a cosmetic issue. I will try that.

>> * What is the recommended way to pull backups of the PDC? Just tar up
>> /var/lib/samba ? Run some export script or so?
>
> The best way of doing backups is not to do them ;-)
> Add a second DC and replication will do it for you. There is a script
> that comes with Samba, but it is a bit basic, you will find a better
> one here:
>
> https://github.com/thctlo/samba4/tree/master/backup-script

looks good, thanks!

>> * and what is the recommended way of actually swapping PDC from NT4
>> to ADS?
>>
>> turn down all clients, and NT4-PDC, then turn up ADS-PDC, and client
>> after client?
>
> If you have done it correctly, your Windows clients shouldn't really
> notice the difference, but there is a gotcha, it appears that once your
> Windows clients connect to an AD domain, they will never go back to the
> NT4-style domain.

yes, that is exactly why I am asking!

:-)

I will look for ways of checking on the client if it has contacted the 
new DC already. We (the admin there and I) just discussed things and 
assumed turning off all PCs would be a more definitive way of "switching 
over".

I assume there is no ultimate test for the successful migration, just 
test stuff like logging in, joining systems, using the whole domain?

>> Thanks a lot, I am looking forward to actually rolling this out in
>> January ...
>
> Hope everything goes all right for you.

yesterday's tests made me more confident already, I will do one site
first and another after success at the first one (2 separate companies,
not one domain)

Stefan



