[Samba] Rename domain during classicupgrade step?

Sebastian Arcus s.arcus at open-t.co.uk
Thu Jun 22 22:18:33 UTC 2017 

On 30/05/17 11:48, Sebastian Arcus via samba wrote:
> 
> On 12/05/17 09:10, Marc Muehlfeld wrote:
>> Hi Sebastian,
>>
>> Am 11.05.2017 um 19:39 schrieb Sebastian Arcus via samba:
>>> I can see in the docs that a domain rename is not 
>>> recommended/supported by Samba for an already provisioned domain. 
>>> However, what I can't work out is if this is not possible during the 
>>> classicupgrade step either?
>>
>>
>> Theoretically it should be possible to change the NetBIOS domain name 
>> during the migration. In the background, Samba/Windows uses SIDs and 
>> not names.
>>
>> Try the following in a test environment:
>> * Set the new NetBIOS domain name in smb.conf ("workgroup" parameter).
>> * Run the migration
>>
>> https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade) 
>>
>>
>> Verify that the domain members in your test environment, that were 
>> part of the domain before you run the migration, still work correctly 
>> afterwards.
>>
>> Please let us know if this worked.
> 
> With some delay, I finally got around to trying this. It appears that 
> things have worked out fine, as per your instructions above. The 
> migrated server has been running for 5 days now on a live setup of an AD 
> DC and 10 workstations - and everything appears ok. So I guess the 
> answer is that, indeed, it is possible to change the domain name during 
> the classicupgrade. Thank you for the pointers.

I'm afraid I have to amend my earlier conclusion. In the time it has 
passed, I discovered that some machines have migrated to the new domain, 
while others haven't. It is odd, but it seems the machines which were on 
during the migration from NT to AD are the ones which have migrated 
correctly - but I could be wrong about this. The other machines are 
still on the old domain name. What threw me off was the fact that users 
could still login and access the shares in the new domain - but actually 
they were logging in with cached credentials.

The other strange thing is that if I go on the Windows clients and 
change the domain to the new name, it accepts the change and displays 
"Wecome to the new_domain_name" - without prompting for administrator 
credentials.

I'll keep an eye on things and see if I can understand further what 
happened.

More information about the samba mailing list