[Samba] Migration samba 3 to 4

Philippe Maladjian pmaladjian at hilaire.fr
Wed Sep 19 09:20:39 UTC 2018


I'm looking for several days but I do not spend my days :)

If I create a new domain on the new AD, I will necessarily have a new 
SID so I would have to go to each machine to get them out of the domain 
and join them again?

Responsable informatique | administrateur système*


Le 18/09/2018 à 19:29, Rowland Penny via samba a écrit :
> On Tue, 18 Sep 2018 14:20:19 +0200
> Philippe Maladjian via samba <samba at lists.samba.org> wrote:
>> Hello,
>> On my current installation samba announces domain dom.domain, windows
>> machines and users are registered on domain dom.hilaire, root dn of
>> my ldap is dc = domain, dc = fr.
>> At first I tested a migration by applying the vm of my server samba3
>> and my ldap. I migrated these VMs out of the production network and
>> validated that with a pc from my production network (once the network
>> settings changed) I could connect to the test domain.
>> Then I copied the file smb.conf and all the tdb to the new samba
>> server 4. I started the migration procedure via samba-tool and got
>> the error on the groups Domain Users and Backup Operators as well as
>> the login error with my ldap directory.
>> After some exchanges I exported in a ldif my directory to modify the
>> root dn in dc = dom, dc = domain so that it corresponds to the
>> Windows domain name. I re-imported everything in my directory.
>> When I restart the migration procedure by samba-tool I have the same
>> error. As I have the same installation problem with the production
>> version I do not see any relationship with the SID. The samba domain
>> name does not change, it's only the root dn of my ldap directory that
>> I change before the migration.
> This, as you have found, does not work.
> The whole idea behind the classicupgrade script is, it takes your old
> PDC domain and upgrades it to an AD domain, with the same users &
> passwords, groups and group memberships etc. Most importantly it uses
> the same SID, it is the SID that identifies the domain.
> You seem to have spent weeks getting this to work, it would have been
> quicker to create a new AD domain and port your users etc to that.
> Rowland

More information about the samba mailing list