[Samba] Change Netbios name during classicupgrade?
Sami Chibani
sami.chibani at educagri.fr
Tue Oct 17 12:56:27 UTC 2017
Well, let's try to be more precise about my issue and give some updates:
I am trying to do a classicupgrade and, in the meantime, change the
domain name during the process, which includes the realm and the NetBIOS
domain name. Specifically, I am having difficulties changing the NetBIOS
domain name.
What I've tried so far:
1)
Change the NetBIOS domain name "workgroup" attribute on the old Samba 3
server before migration; each time, this operation also changes the
domain SID and I lose all my members. I tried to put back the old domain
SID with
#net setdomainsid [original SID]
But this never worked.
2)
As all my attempts to reset the domain SID to its initial value after
the workgroup change failed on the old Samba 3 server before
classicupgrade, I just tried to do it after.
I ran classicupgrade, and left the workgroup attribute at its old value.
Just after migration, here's what the domain looks like:
#samba-tool domain info 192.168.1.60
Forest : newdomain.lan
Domain : newdomain.lan.
Netbios domain : OLDDOMAIN.LAN ## The old name
DC name : srv-ad.newdomain.lan
DC netbios name : SRV-AD
Server site : Default-First-Site-Name
Client site : Default-First-Site-Name
Everything works fine, I got all my users, and machines find the DC
again. And winbindd maps all users under this name:
#wbinfo -u
OLDDOMAIN.LAN\user
My logs show no errors, and here is what my smb.conf looks like:
[global]
netbios name = SRV-AD
realm = NEWDOMAIN.LAN
workgroup = OLDDOMAIN.LAN
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
tls enabled = yes
tls keyfile = tls/myKey.pem
tls certfile = tls/myCert.pem
tls cafile =
dns forwarder = 192.168.200.3 #external DNS
Then when I change the value "workgroup" of smb.conf in order to change
the NetBIOS domain name and reload, this time I notice that my domain
SID remains the same before and after the change.
This time also the command pdbedit -L catches all users like before
the change.
However, there seems to be an issue with winbindd.
Any wbinfo -u fails, and wbinfo -p doesn't ping anymore:
#wbinfo -p
Ping to winbindd failed
could not ping winbindd!
Here are the logs:
oct. 17 14:08:37 srv-ad.newdomain.lan systemd[1]: Started Samba AD Daemon.
oct. 17 14:08:37 srv-ad.newdomain.lan samba[489]: [2017/10/17
14:08:37.274937, 0] ../lib/util/become_daemon.c:124(daemon_ready)
oct. 17 14:08:37 srv-ad.newdomain.lan samba[489]: STATUS=daemon
'samba' finished starting up and ready to serve connections
oct. 17 14:08:37 srv-ad.newdomain.lan samba[509]: [2017/10/17
14:08:37.317594, 0] ../source4/lib/tls/tlscert.c:57(tls_cert_generate)
oct. 17 14:08:37 srv-ad.newdomain.lan samba[509]: TLS autogeneration
skipped - some TLS files already exist
oct. 17 14:08:38 srv-ad.newdomain.lan samba[519]: [2017/10/17
14:08:38.671074, 0]
../source4/smbd/service_task.c:35(task_server_terminate)
oct. 17 14:08:38 srv-ad.newdomain.lan samba[519]: task_server_terminate:
[Failed to obtain server credentials, perhaps a standalone server?:
NT_STATUS_CANT_ACCESS_DOMAIN_INFO
oct. 17 14:08:38 srv-ad.newdomain.lan samba[519]: ]
oct. 17 14:08:39 srv-ad.newdomain.lan samba[519]: [2017/10/17
14:08:39.371865, 0] ../source4/smbd/server.c:211(samba_terminate)
oct. 17 14:08:39 srv-ad.newdomain.lan samba[519]: samba_terminate of
519: Failed to obtain server credentials, perhaps a standalone server?:
NT_STATUS_CANT_ACCESS_DOMAIN_INFO
oct. 17 14:08:39 srv-ad.newdomain.lan samba[519]:
oct. 17 14:08:40 srv-ad.newdomain.lan winbindd[517]: [2017/10/17
14:08:40.117399, 0]
../source3/winbindd/winbindd_cache.c:3244(initialize_winbindd_cache)
oct. 17 14:08:40 srv-ad.newdomain.lan winbindd[517]:
initialize_winbindd_cache: clearing cache and re-creating with version
number 2
oct. 17 14:08:42 srv-ad.newdomain.lan winbindd[517]: [2017/10/17
14:08:42.421031, 0]
../source3/winbindd/winbindd_util.c:772(migrate_secrets_tdb_to_ldb)
oct. 17 14:08:42 srv-ad.newdomain.lan winbindd[517]: Failed to fetch
our own, local AD domain join password for winbindd's internal use, both
from secrets.tdb and secrets.ldb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
oct. 17 14:08:42 srv-ad.newdomain.lan winbindd[517]: [2017/10/17
14:08:42.423250, 0]
../source3/winbindd/winbindd_util.c:872(init_domain_list)
oct. 17 14:08:42 srv-ad.newdomain.lan winbindd[517]: Failed to migrate
our own, local AD domain join password for winbindd's internal use into
secrets.tdb
oct. 17 14:08:42 srv-ad.newdomain.lan winbindd[517]: [2017/10/17
14:08:42.423828, 0]
../source3/winbindd/winbindd.c:1401(winbindd_register_handlers)
oct. 17 14:08:42 srv-ad.newdomain.lan winbindd[517]: unable to
initialize domain list
oct. 17 14:08:42 srv-ad.newdomain.lan samba[514]: [2017/10/17
14:08:42.473613, 0] ../source4/winbind/winbindd.c:47(winbindd_done)
oct. 17 14:08:42 srv-ad.newdomain.lan samba[514]: winbindd daemon died
with exit status 1
oct. 17 14:08:42 srv-ad.newdomain.lan samba[514]: [2017/10/17
14:08:42.473754, 0]
../source4/smbd/service_task.c:35(task_server_terminate)
oct. 17 14:08:42 srvads.ensfea.fr samba[514]: task_server_terminate:
[winbindd child process exited]
oct. 17 14:08:44 srvads.ensfea.fr smbd[512]: [2017/10/17
14:08:44.734297, 0] ../lib/util/become_daemon.c:124(daemon_ready)
oct. 17 14:08:44 srvads.ensfea.fr smbd[512]: STATUS=daemon 'smbd'
finished starting up and ready to serve connections
oct. 17 14:08:58 srvads.ensfea.fr samba[518]: [2017/10/17
14:08:58.529754, 0]
../source4/dsdb/dns/dns_update.c:290(dnsupdate_nameupdate_done)
oct. 17 14:08:58 srvads.ensfea.fr samba[518]:
../source4/dsdb/dns/dns_update.c:290: Failed DNS update - with error
code 110
I feel I'm quite close to the goal but definitely stuck at some
obvious point...
Anyway, I definitely don't want to give up, otherwise it would mean
rebuilding a domain of 300 machines and 3000 accounts...
Your help is greatly appreciated... Thanks in advance
Sam
On 17/10/2017 10:00, Sami Chibani wrote:
>
>
> Here's what the smb.conf looks like before I do anything (more
> complete this time):
>
> [global]
>
> netbios name = AD
>
> workgroup = DOMAIN.LAN
>
> server string = Samba server domain.lan
>
> security = user
>
> passdb backend = ldapsam:"ldap://192.168.1.20/ ldap://192.168.1.21/"
>
> domain master = yes
> domain logons = yes
> admin users = "@Admin"
> ldap suffix = dc=domain.lan, dc=local
> ldap machine suffix = ou=hosts
> ldap user suffix = ou=users
> ldap group suffix = ou=groups
> ldap admin dn = "uid=sysadmin,ou=sysuers,dc=domain.lan,dc=local"
> obey pam restrictions = yes
> encrypt passwords = yes
> ldap password sync = yes
>
> logon path =
>
> ldapsam:trusted = yes
>
> wins support = yes
> dns proxy = no
>
> Also I was pointing out that it was certainly SID related because each
> time I change workgroup, it just renews the domain SID;
>
> Before I change anything:
> # net getdomainsid
> SID for local machine AD is: S-1-5-21-673913221-4242741474-1014044216
> SID for domain DOMAIN.LAN is: S-1-5-21-1905493267-1041818301-753029000
>
> After I change the workgroup:
> # net getdomainsid
> SID for local machine AD is: S-1-5-21-673913221-4242741474-1014044216
> SID for domain NEWDOMAIN is: S-1-5-21-574297740-925364648-4230334621
>
>
>
>
>
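Added example, not part of the original post or of Samba: a small Python check that parses two captures of `net getdomainsid` (the before/after output quoted above) and reports which names and SIDs changed, then tests whether an existing account SID still belongs to the domain. The function names and the member RID 1105 are assumptions made for illustration.

```python
import re

# Line format printed by `net getdomainsid`, as quoted in the post.
SID_LINE = re.compile(
    r"^SID for (local machine|domain) (\S+) is: (S-1-5-21(?:-\d+){3})$"
)

def parse_getdomainsid(output):
    """Return {'machine': (name, sid), 'domain': (name, sid)}."""
    found = {}
    for line in output.splitlines():
        m = SID_LINE.match(line.strip())
        if m:
            kind = "machine" if m.group(1) == "local machine" else "domain"
            found[kind] = (m.group(2), m.group(3))
    missing = {"machine", "domain"} - found.keys()
    if missing:
        raise ValueError(f"no SID line for: {sorted(missing)}")
    return found

def compare_snapshots(before, after):
    """List every name or SID that differs between two captures."""
    b, a = parse_getdomainsid(before), parse_getdomainsid(after)
    changes = []
    for kind in ("machine", "domain"):
        if b[kind][0] != a[kind][0]:
            changes.append(f"{kind} name: {b[kind][0]} -> {a[kind][0]}")
        if b[kind][1] != a[kind][1]:
            changes.append(f"{kind} SID: {b[kind][1]} -> {a[kind][1]}")
    return changes

def in_domain(account_sid, domain_sid):
    """An account SID is the domain SID followed by one RID."""
    prefix, _, rid = account_sid.rpartition("-")
    return prefix == domain_sid and rid.isdigit()

# Captures copied from the quoted message above.
BEFORE = """SID for local machine AD is: S-1-5-21-673913221-4242741474-1014044216
SID for domain DOMAIN.LAN is: S-1-5-21-1905493267-1041818301-753029000"""
AFTER = """SID for local machine AD is: S-1-5-21-673913221-4242741474-1014044216
SID for domain NEWDOMAIN is: S-1-5-21-574297740-925364648-4230334621"""
# Constructed member SID: old domain SID plus a hypothetical RID 1105.
MEMBER = "S-1-5-21-1905493267-1041818301-753029000-1105"

if __name__ == "__main__":
    for change in compare_snapshots(BEFORE, AFTER):
        print("CHANGED", change)
    new_sid = parse_getdomainsid(AFTER)["domain"][1]
    print("member still in domain:", in_domain(MEMBER, new_sid))
```

Capturing the output before touching "workgroup" and comparing afterwards makes a regenerated domain SID visible before any member is rejoined.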