[Samba] Change Netbios name during classicupgrade?
Rowland Penny
rpenny at samba.org
Tue Oct 17 10:58:04 UTC 2017
On Tue, 17 Oct 2017 10:00:51 +0200
Sami Chibani via samba <samba at lists.samba.org> wrote:
>
>
> On 16/10/2017 18:18, Rowland Penny wrote:
> >
> > 'workgroup' is not the netbios name, it is the NetBIOS domain name.
> > The workgroup should also not have a dot in it, 'DOMAIN.LAN' looks
> > suspiciously like a dns and realm name.
> >
> Indeed I lacked precision; the purpose of the post was more "change
> NetBIOS domain name during classicupgrade".
> DOMAIN.LAN is the previous NetBIOS domain name (I know about the
> dots, but it was not set by me at the time), and that's precisely
> what I am trying to change during the classic upgrade, for a new name
> (without a dot), like "NEWDOMAIN"
>
> >
> > > [global]
> > >
> > > netbios name = SRV-AD
> >
> > Would 'srv-ad' be the hostname of the computer ?
> Yes, it would
> >
> > Let's start with you posting the [global] part of the smb.conf before
> > you did anything.
> Here's what looks like the smb.conf before I do anything (more
> complete this time):
>
> [global]
>
> netbios name = AD
>
> workgroup = DOMAIN.LAN
>
> server string = Samba server domain.lan
>
> security = user
>
> passdb backend = ldapsam:"ldap://192.168.1.20/
> ldap://192.168.1.21/"
>
> domain master = yes
> domain logons = yes
> admin users = "@Admin"
> ldap suffix = dc=domain.lan, dc=local
> ldap machine suffix = ou=hosts
> ldap user suffix = ou=users
> ldap group suffix = ou=groups
> ldap admin dn = "uid=sysadmin,ou=sysuers,dc=domain.lan,dc=local"
> obey pam restrictions = yes
> encrypt passwords = yes
> ldap password sync = yes
>
> logon path =
>
> ldapsam:trusted = yes
>
> wins support = yes
> dns proxy = no
>
>
> >
> >
> > > If it can help, I noticed that winbind was not
> > > installed on the server;
> > >
> > > #systemctl status winbind
> > > winbind.service
> > > Loaded: error (Reason: No such file or directory)
> > > Active: inactive (dead)
> > >
> >
> > Looks like you have fallen for the 'Debian no longer installs winbind
> > when you install samba' feature. You need to install winbind
> > manually.
> >
> > Rowland
> >
> winbind was not installed on the old Samba 3 server (running
> OpenSUSE), and I just wonder if it matters to install it for the
> classicupgrade purpose, otherwise I'll just reinstall it on the new
> Samba 4 server
>
> Also I was pointing out that it was certainly SID related because
> each time I change the workgroup, it just renews the domain SID;
>
> Before I change anything:
> # net getdomainsid
> SID for local machine AD is: S-1-5-21-673913221-4242741474-1014044216
> SID for domain DOMAIN.LAN is: S-1-5-21-1905493267-1041818301-753029000
>
> After I change the workgroup:
> # net getdomainsid
> SID for local machine AD is: S-1-5-21-673913221-4242741474-1014044216
> SID for domain NEWDOMAIN is: S-1-5-21-574297740-925364648-4230334621
>
Why, oh why, would anybody use 'dc=domain.lan, dc=local' instead of
'dc=domain, dc=lan' ???
This isn't really the problem though, the 'workgroup' didn't need to be
'DOMAIN.LAN' in the first place and if you change it, it becomes a new
domain and hence a new SID.
I 'think' you need to do the changes before doing the 'classicupgrade'.
I would do it step by step (in a test environment), first dump LDAP to
an ldif, change 'dc=domain.lan, dc=local' to something reasonable and
import the ldif into a new LDAP setup, make the required changes to
smb.conf without changing the workgroup and see what happens.
If this works, get the local and Domain SIDs with 'net getlocalsid' &
'net getdomainsid', change the workgroup in smb.conf, start Samba and
try resetting the SIDs with 'net setlocalsid LOCALSID' and 'net
setdomainsid DOMAINSID'.
I have no idea if the above will work, I have never tried it ;-)
It does seem logical though and may be the only way you can do what
you require.
If you only have a few clients, it might be easier to set up the AD
domain from new.
Rowland
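
As an added example (not part of the original message, and not Samba's own code), the shell functions below compare two saved `net getdomainsid` captures in the format quoted above and print the `net setlocalsid` / `net setdomainsid` commands that would put the original SIDs back. The function names `sid_of` and `restore_cmds` are hypothetical, the sample input is the output quoted in the thread, and nothing is run against Samba.

```shell
#!/bin/sh
# Added example: detect a SID change between two `net getdomainsid` captures.
# Sample input below is the output quoted in the thread; in practice, save the
# real output to files before and after editing 'workgroup' and read those.

BEFORE='SID for local machine AD is: S-1-5-21-673913221-4242741474-1014044216
SID for domain DOMAIN.LAN is: S-1-5-21-1905493267-1041818301-753029000'
AFTER='SID for local machine AD is: S-1-5-21-673913221-4242741474-1014044216
SID for domain NEWDOMAIN is: S-1-5-21-574297740-925364648-4230334621'

# sid_of KIND TEXT
# KIND is "local machine" or "domain". Prints the SID from the matching
# "SID for KIND <name> is: <sid>" line, or nothing if no such line exists.
sid_of() {
    printf '%s\n' "$2" |
        sed -n "s/^SID for $1 .* is: \(S-1-5-21-[0-9]*-[0-9]*-[0-9]*\)\$/\1/p" |
        head -n 1
}

# restore_cmds BEFORE_TEXT AFTER_TEXT
# Prints one 'net set...sid' command per SID that differs between the two
# captures, using the value from BEFORE_TEXT. Prints nothing when both SIDs
# are unchanged. Returns 2 if either capture cannot be parsed.
restore_cmds() {
    local kind verb old new
    for kind in "local machine" "domain"; do
        old=$(sid_of "$kind" "$1")
        new=$(sid_of "$kind" "$2")
        if [ -z "$old" ] || [ -z "$new" ]; then
            echo "cannot parse $kind SID" >&2
            return 2
        fi
        if [ "$old" != "$new" ]; then
            verb=setdomainsid
            if [ "$kind" = "local machine" ]; then verb=setlocalsid; fi
            echo "net $verb $old"
        fi
    done
    return 0
}

# With the thread's captures only the domain SID differs, so a single
# 'net setdomainsid' line carrying the original domain SID is printed.
restore_cmds "$BEFORE" "$AFTER"
```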