[Samba] Rename domain

Thu Oct 11 14:02:36 UTC 2018

*Philippe MALADJIAN
Responsable informatique | administrateur système*

Le 10/10/2018 à 08:30, Andrew Bartlett via samba a écrit :
> On Fri, 2018-10-05 at 11:22 +0200, Philippe Maladjian via samba wrote:
>> *Philippe MALADJIAN
>> Responsable informatique | administrateur système*
>> Ligne directe : +33 (0)4 72 14 50 66 | pmaladjian at hilaire.fr
>> <mailto:pmaladjian at hilaire.fr>
>>
>>
>> 	
>>
>> Le 03/10/2018 à 17:29, Rowland Penny via samba a écrit :
>>> On Wed, 3 Oct 2018 16:54:02 +0200
>>> Philippe Maladjian via samba <samba at lists.samba.org> wrote:
>>>
>>>> *Philippe MALADJIAN
>>>> Responsable informatique | administrateur système*
>>>> Ligne directe : +33 (0)4 72 14 50 66 | pmaladjian at hilaire.fr
>>>> <mailto:pmaladjian at hilaire.fr>
>>>>
>>>>
>>>> 	
>>>>
>>>> Le 03/10/2018 à 16:33, Rowland Penny via samba a écrit :
>>>>> On Wed, 3 Oct 2018 16:01:33 +0200
>>>>> Philippe Maladjian via samba <samba at lists.samba.org> wrote:
>>>>>
>>>>>> Hello, I realize the preparation of the migration from samba 3 to
>>>>>> samba 4. For the moment the test platform is functional at 80%.
>>>>>>
>>>>>> I realize a problem. At the implementation of samba 3 in NT mode
>>>>>> (more than 10 years ago) I chose netbios name dom.masociete and the
>>>>>> same DNS domain name.
>>>>> Even then, a dot in a workgroup name wasn't recommended.
>>>> That's what I notice from reading but there are 10 I was a beginner ;)
>>>>>> With the migration the domain dns becomes "dom"
>>>>>> and according to my first researches I will quickly encounter
>>>>>> problems if I need subdomain in the future. The ideal would be
>>>>>> that I rename my domain in mycompany.local
>>>>> No, the ideal would be to use virtually anything but '.local'
>>>> masociete.lan?
>>>>
>>>>>> knowing that our Internet domain
>>>>>> name is mycompany.fr but it is not us who manage it.
>>>>>>
>>>>>> I saw that with the arrival of the 4.9.x it is possible to rename a
>>>>>> domain, but is it feasible in my case? If yes, once the domain is
>>>>>> renamed, will I have to go out and add the existing machines in the
>>>>>> domain?
>>>>> This is so new, I am not sure, but I believe it would, you will have
>>>>> to change the DNS domain on all the machines, unless it is set by
>>>>> DHCP.
>>>>>
>>>>> It might just be easier and better to set up a new domain ;-)
>>>> At dhcp level I have as configuration
>>>>
>>>> ----------
>>>>
>>>> option domain-search code 119 = text;
>>>> option wpad code 252 = text;
>>>>     option domain-name "dom.masociete";
>>>> option domain-search "\003dom\007masociete\000";
>>>> option wpad "\n";
>>>>
>>>> -------------
>>>>
>>>> but I do not see how dhcp could impose windows pc to use another
>>>> domain to connect?
>>> I think you misunderstand what I was trying to say, If you change the
>>> domain name, you also need to change the DNS domain, the REALM is the
>>> same as the DNS domain, but in uppercase.
>>> As I said, this is very new and I haven't had to use it yet, but, from
>>> my understanding, if your dns domain is samdom.example.com and you
>>> rename the domain, every instance of 'samdom', 'example' and 'com' will
>>> get changed to match your new name.
>>>
>>> Rowland
>> I fully understand the idea that the domain AD, DNS domain and REALM
>> must be identical.
>>
>> Our domain AD (NT mode) is dom.Company, the DNS that handles the
>> internal resolution is dom.CompanyName and our Internet domain name is
>> companyName.
>>
>> During my migration tests with the same domain configuration the domain
>> AD becomes dom, the DNS domain becomes dom and the REALM is DOM. This
>> poses a problem of reading and logic.
>>
>> The idea would be to put all this in order so that the domain AD is
>> ad.nomsociete.fr, domain DNS ad.nomsociete.fr and REALM AD.NOMSOCIETE.
>>
>> I understand that the function to rename a domain is too recent so is it
>> possible to make a first migration of samba 3 to 4 with the original
>> configuration and then to migrate a samba domain 4 to another domain
>> samba 4?
> The point of migration between 'Samba3' (a classic or NT4 domain) is
> your best opportunity to get the right name.
>
> This is the first time Samba will care about the DNS domain name of
> anything, so this is the time to chose your full ad.mycompany.com DNS
> domain as the --realm parameter.
>
> You may have difficulty with the . in the netbios name, particularly
> long-term, so if you don't mind re-joining your machines you might
> first want to rename that (ensure you keep the same domain SID) and
> rejoin the machines.
>
> I hope this helps.  One thing I wouldn't do is move to an AD domain
> then try and rename, things are *much* simpler in the old system for
> tricky things like this.
>
> Andrew Bartlett

Hello, I continue my research on my problem of change of domain name. 
After talking with a specialized friend AD he offered to create a domain 
mycompany.com with a subdomain mysite.mycompany.com. Both will be the 
base of a forest then add to this forest my samba3 controller to migrate 
users, machines from my samba3 to mysite.mycompany.com. The unknown is: 
can samba3 be able to integrate a forest or will I have to go through a 
version upgrade and migrate inside the forest?

Philippe.