[Samba] Windows client still tries to connect to old AD after replacement

Piers Kittel piers at centrefordeaf.org.uk
Mon Feb 4 18:32:49 UTC 2019 

Thanks Rowland,

OK, sorry about this...

Note that the "Old AD" has some errors in their config files, but 
everything sort of work so I'm not going to fix those errors - my 
concern is obviously just the "New AD".  I've not set up printing in the 
new AD yet as it doesn't work in the old one anyway, and that's a 
discussion in a future thread.  Note "domain" is a replacement for the 
actual domain name.  Nothing is internet facing, and shouldn't be apart 
from DNS (well, I hope!).

---------------------------------------------------------------------
Old AD

Name - ad.domain.intranet
IP - 192.168.0.17
Operating System: Debian GNU/Linux 9 (stretch)
Kernel: Linux 4.9.0-8-amd64
Samba version: 4.5.12-Debian

/etc/hostname:
ad

/etc/hosts:
127.0.0.1       localhost
192.168.0.17    ad.domain.intranet ad
192.168.0.21    domain-ad.domain.intranet     domain-ad

# The following lines are desirable for IPv6 capable hosts

::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

/etc/resolv.conf:
domain Hitronhub.home
search Hitronhub.home
nameserver 192.168.0.1

/etc/krb5.conf
[libdefaults]
         default_realm = DOMAIN.INTRANET
         dns_lookup_realm = false
         dns_lookup_kdc = true

/etc/samba/smb.conf
# Global parameters
[global]
         netbios name = AD
         realm = DOMAIN.INTRANET
         workgroup = DOMAIN
         dns forwarder = 192.168.0.1
         server role = active directory domain controller
         rpc_server:spoolss = external
         rpc_daemon:spoolssd = fork
         printing = CUPS
         spoolss: architecture = Windows x64

[netlogon]
         path = /var/lib/samba/sysvol/cfd.intranet/scripts
         read only = No
[sysvol]
         path = /var/lib/samba/sysvol
         read only = No
[Profiles]
         path = /home/samba/Profiles
         read only = no
         veto files = /*sync*/
[users]
         path = /home/samba/users
         read only = no
[printers]
         path = /var/spool/samba
         printable = yes
[print$]
         path = /srv/samba/printer_drivers/
         read only = no

---------------------------------------------------------------------
New AD

Name - domain-ad.domain.intranet
IP - 192.168.0.11
Operating System: Debian GNU/Linux 9 (stretch)
Kernel: Linux 4.9.0-8-amd64
Samba version: 4.5.12-Debian

/etc/hostname:
domain-ad

/etc/hosts:
127.0.0.1       localhost
192.168.0.11    domain-ad.domain.intranet     domain-ad

# The following lines are desirable for IPv6 capable hosts

::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

/etc/resolv.conf

domain domain.intranet
search domain-ad.domain.intranet
nameserver 192.168.0.11

/etc/krb5.conf
[libdefaults]
         default_realm = DOMAIN.INTRANET
         dns_lookup_realm = false
         dns_lookup_kdc = true

/etc/samba/smb.conf
# Global parameters
[global]
         netbios name = DOMAIN-AD
         realm = DOMAIN.INTRANET
         workgroup = DOMAIN
         dns forwarder = 192.168.0.1
         server role = active directory domain controller
         vfs objects = acl_xattr
         map acl inherit = yes
         store dos attributes = yes
[netlogon]
         path = /var/lib/samba/sysvol/domain.intranet/scripts
         read only = No
[sysvol]
         path = /var/lib/samba/sysvol
         read only = No
[Profiles]
         path = /home/samba/Profiles
         read only = no
         veto files = /*sync*/
[users]
         path = /home/samba/users
         read only = no

---------------------------------------------------------------------
 > I see that they are both subdomains of the 'domain.intranet' dns
 > domain, but have you used a new workgroup name for the new AD domain ?

Wasn't aware workgroups were used?  The workgroup is blanked out in the 
"Computer Name\Domain Changes" box?

 > Have your clients left the old domain and joined the new domain ?

Yes - I just used one client - disconnected it from the old domain, 
joined the workgroup "WORKGROUP", changed the DNS settings as per the 
how-to page here:

https://wiki.samba.org/index.php/Windows_DNS_Configuration

so it points to 192.168.0.11.  Then I turned off the old server and 
rebooted the test client, connected it to the new AD server, and then 
followed the following how-to pages here to point them all to the new 
server:

https://wiki.samba.org/index.php/User_Home_Folders
https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles

but I get the issues I spoke about earlier.  I'm sure I'm missing 
something.  Many thanks again for your time!

With kind regards - Piers

More information about the samba mailing list