[Samba] migrating windows 2003 to samba4
Andrew Bartlett
abartlet at samba.org
Fri Jul 21 03:32:31 UTC 2017
On Fri, 2017-07-21 at 00:10 -0300, Guido Lorenzutti wrote:
> On Fri, 21 Jul 2017 13:38:07 +1200, Andrew Bartlett via samba wrote:
> > On Thu, 2017-07-20 at 19:29 -0300, Guido Lorenzutti via samba wrote:
> > > Hi there people! I been playing a bit with samba4 and I feel ready to move a small domain I have from Windows2003 to samba4. But I did not find a how to. I only have 10 users and 10 workstations, static ips, and only filesharing. It should be easy. Could someone point me to the right direction?
> >
> > https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
> >
> > That should all just work. If you can, try using the microsoft tools
> > (adprep) to prepare the schema for 2008r2 first so you have the same
> > schema as a new install.
> >
> > https://technet.microsoft.com/en-us/library/dd378876(v=ws.10).aspx
> >
> > (We expect to have schema upgrade tools on the Samba side in 4.8, but
> > we can't currently do this automatically).
> >
> > Thanks,
> >
> > Andrew Bartlett
> >
> > -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
>
>
> Just to add a few points, the link so far helps.
> But the kinit administrator had a problem:
> root at dc:/etc/samba# kinit administrator
> Password for administrator at TRUST.LOCAL:
> kinit: KDC has no support for encryption type while getting initial credentials
>
> I fix it with:
>
> root at dc:/etc/samba# cat /etc/krb5.conf
> [libdefaults]
> dns_lookup_realm = false
> dns_lookup_kdc = true
> default_realm = TRUST.LOCAL
> default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
> default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
>
> Then everything else works.
You don't need the DES types, but you likely do need the arcfour-hmac-
md5 until you upgrade the domain functional level and reset the
passwords, including of the krbtgt key (so they get modern hashes).
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list