[Samba] 3 domains, full trust between all, move samba server join to other domain
Rowland Penny
rpenny at samba.org
Tue Dec 10 11:11:46 UTC 2019
On 10/12/2019 10:35, Coert via samba wrote:
> Hello all,
>
> I have a Samba file server running that is member of a Windows AD domain.
>
> Later I added 2 more domains with a full trust relationship between
> all 3. (all are Windows AD)
>
> Everything works perfectly, wbinfo -u/-g shows all users/groups from
> all 3 domains, and ACLs work perfectly.
>
> I now want to decommission 2 of the domains, and leave only 1 domain.
>
> Let's say they are:
>
> domain1old (to be decommissioned)
>
> domain2old (to be decommissioned and domain Samba server currently
> joined on)
>
> domain3new (domain to remain, where Samba server needs to be
> joined/moved)
>
> As stated, there is a full trust relationship between all 3 domains.
>
>
> The samba server is member of domain2old, and I want to keep all ACLs
> and such but join it on domain3new
>
> Can I simply change /etc/krb5.conf default_realm to domain3new and run
> net ads join again?
>
>
> Thank you in advance,
>
> Coert
>
>
Don't think so, I think you would have to leave the existing domain,
change the DNS domain to the DNS domain of the new AD domain, change the
realm in /etc/krb5.conf, change smb.conf to match the new domain, ensure
/etc/resolv.conf points to the new DC and that /etc/hosts uses the new
DNS domain, reboot. Stop Samba and then attempt to join the new domain.
Rowland
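
The files named in the reply above can be checked for agreement before the new join is attempted. This is an added example, not part of the original message or of Samba itself: it only reads file contents, and the realm, workgroup, host name and addresses are constructed placeholders. It assumes the new DNS domain is the lower-cased Kerberos realm.

```python
import re

def section_params(text, wanted):
    """Key/value pairs from one [section] of an INI-style file (krb5.conf, smb.conf)."""
    params, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        m = re.match(r"\[(.+)\]$", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == wanted and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip()  # names ignore case/spaces
    return params

def preflight(realm, workgroup, host, dc_ip, krb5, smb, resolv, hosts):
    """Return the settings that still disagree with the new domain."""
    problems = []
    if section_params(krb5, "libdefaults").get("default_realm", "").upper() != realm.upper():
        problems.append("krb5.conf: default_realm")
    glob = section_params(smb, "global")
    for key, want in (("realm", realm), ("workgroup", workgroup)):
        if glob.get(key, "").upper() != want.upper():
            problems.append("smb.conf: " + key)
    fields = [l.split() for l in resolv.splitlines()]
    servers = [f[1] for f in fields if len(f) > 1 and f[0] == "nameserver"]
    if servers[:1] != [dc_ip]:
        problems.append("resolv.conf: first nameserver")
    fqdn = f"{host}.{realm}".lower()  # assumes DNS domain == lower-cased realm
    for entry in (l.split("#")[0].split() for l in hosts.splitlines()):
        names = [n.lower() for n in entry[1:]]
        if host.lower() in (n.split(".")[0] for n in names) and names[0] != fqdn:
            problems.append("hosts: canonical name for " + host)
    return problems

# Constructed sample: a member server part-way through the edits (placeholder names)
KRB5 = "[libdefaults]\n    default_realm = DOMAIN3NEW.EXAMPLE\n"
SMB = "[global]\n   workgroup = DOMAIN2OLD\n   realm = DOMAIN3NEW.EXAMPLE\n"
RESOLV = "search domain3new.example\nnameserver 192.0.2.10\n"
HOSTS = "127.0.0.1 localhost\n192.0.2.50 fs1.domain2old.example fs1\n"

def demo():
    return preflight("DOMAIN3NEW.EXAMPLE", "DOMAIN3NEW", "fs1", "192.0.2.10", KRB5, SMB, RESOLV, HOSTS)

if __name__ == "__main__":
    for problem in demo():
        print("MISMATCH", problem)
```

On a real host, pass the contents of /etc/krb5.conf, smb.conf, /etc/resolv.conf and /etc/hosts in place of the sample strings; an empty result means those four files agree on the new domain.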