[Samba] Convert Member Server to DC

Paul R. Ganci ganci at nurdog.com
Sun Dec 31 00:22:02 UTC 2017

I have some hardware running CentOS 7 and Sernet Samba 4.7 that started 
out as a member server that I would like to make into a 2nd DC. However 
I am having trouble converting it because it seems I am not removing all 
the remnants of the client setup. What I thought I would have to do is this:

1.) net ads leave -U administrator
2.) Remove the machine entry on the 1st DC
3.) mv /var/lib/samba /var/lib/samba-client
4.) mv /etc/krb5.keytab /etc/krb5.keytab-client
5.) samba-tool domain join 2nd DC

I am having problems right off the start in that item 1.) throws this:
 > net ads leave -U 'MYDC\administrator'
Enter MYDC\administrator's password:
Disabled account for 'MACHINE' in realm '(null)'

I thought this command would remove the machine account from the 1st DC 
but it does not seem to do that, hence item 2. Is it good enough to just 
remove the machine account via ldbedit? The last part "in realm 
'(null)'" bothers me as it seems the realm should not be null. On the 
other hand I can re-join as a client with no issues.

 > net ads join -U 'MYDC\administrator'
Enter MYDC\administrator's password:
Using short domain name -- MYDC
Joined 'MACHINE' to dns domain 'mydc.mydom.com'

Steps 3 and 4 are there for backup in case I want to go back to having 
the machine as a client. And 5 would be to join the machine as a 2nd 
DC... obviously I would follow all the wiki instructions at step 5. Is 
there anything else I have to do to convert?

Paul (ganci at nurdog.com)
Cell: (303)257-5208
