[Samba] Windows client still tries to connect to old AD after replacement
Rowland Penny
rpenny at samba.org
Mon Feb 4 19:10:48 UTC 2019
See inline comments:
On Mon, 4 Feb 2019 18:32:49 +0000
Piers Kittel via samba <samba at lists.samba.org> wrote:
> Thanks Rowland,
>
> OK, sorry about this...
>
> Note that the "Old AD" has some errors in their config files, but
> everything sort of works so I'm not going to fix those errors - my
> concern is obviously just the "New AD". I've not set up printing in
> the new AD yet as it doesn't work in the old one anyway, and that's a
> discussion in a future thread. Note "domain" is a replacement for
> the actual domain name. Nothing is internet facing, and shouldn't be
> apart from DNS (well, I hope!).
>
> ---------------------------------------------------------------------
> Old AD
>
> Name - ad.domain.intranet
> IP - 192.168.0.17
> Operating System: Debian GNU/Linux 9 (stretch)
> Kernel: Linux 4.9.0-8-amd64
> Samba version: 4.5.12-Debian
>
> /etc/hostname:
> ad
>
> /etc/hosts:
> 127.0.0.1 localhost
> 192.168.0.17 ad.domain.intranet ad
> 192.168.0.21 domain-ad.domain.intranet domain-ad

Remove the line above; this is the old AD domain and shouldn't have
anything pointing to the new one.

>
> /etc/resolv.conf:
> domain Hitronhub.home
> search Hitronhub.home
> nameserver 192.168.0.1

This is a DC; it should be pointing to itself as a nameserver.

>
> /etc/samba/smb.conf
> # Global parameters
> [global]
> netbios name = AD
> realm = DOMAIN.INTRANET
> workgroup = DOMAIN

What did you say about workgroups?
I do hope that 'DOMAIN' in the above line isn't the same as on the new
AD DC.

> dns forwarder = 192.168.0.1
> server role = active directory domain controller
> rpc_server:spoolss = external
> rpc_daemon:spoolssd = fork
> printing = CUPS
> spoolss: architecture = Windows x64
>
> ---------------------------------------------------------------------
> New AD
>
> Name - domain-ad.domain.intranet
> IP - 192.168.0.11
> Operating System: Debian GNU/Linux 9 (stretch)
> Kernel: Linux 4.9.0-8-amd64
> Samba version: 4.5.12-Debian
>
> /etc/hostname:
> domain-ad
>
> /etc/hosts:
> 127.0.0.1 localhost
> 192.168.0.11 domain-ad.domain.intranet domain-ad
>
> # The following lines are desirable for IPv6 capable hosts
>
> /etc/resolv.conf
>
> domain domain.intranet
> search domain-ad.domain.intranet
> nameserver 192.168.0.11

Hmm, that looks like you are trying to search the DC hostname instead
of the DNS domain name; remove 'domain-ad' from the search line.
This does of course raise another problem: even though you claim you
have set up a new domain, you haven't. Both your DCs use the same IP
range, DNS domain and, presumably, the same workgroup name.

>
> /etc/samba/smb.conf
> # Global parameters
> [global]
> netbios name = DOMAIN-AD
> realm = DOMAIN.INTRANET
> workgroup = DOMAIN
> dns forwarder = 192.168.0.1
> server role = active directory domain controller
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
> [netlogon]
> path = /var/lib/samba/sysvol/domain.intranet/scripts
> read only = No
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
> [Profiles]
> path = /home/samba/Profiles
> read only = no
> veto files = /*sync*/
> [users]
> path = /home/samba/users
> read only = no
>
> ---------------------------------------------------------------------
> > I see that they are both subdomains of the 'domain.intranet' dns
> > domain, but have you used a new workgroup name for the new AD
> > domain?
>
> Wasn't aware workgroups were used? The workgroup is blanked out in
> the "Computer Name\Domain Changes" box?

It might be, but they are still used.

Rowland
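
The checks raised inline above (a DC's resolv.conf names the DC itself as nameserver, the search line holds the DNS domain rather than the DC hostname, the old DC's hosts file does not point at the new DC, and two DCs sharing realm and workgroup are one domain), as an added Python example that is not part of the original message. The function names are hypothetical, the sample strings are copied from the configs quoted in the thread, and treating the lowercased realm as the DNS domain is an assumption.

```python
def smb_global(smb_text, key):
    """Return one [global] parameter from smb.conf text, or None if absent."""
    section = None
    for raw in smb_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "global" and "=" in line and not line.startswith(("#", ";")):
            name, value = line.split("=", 1)
            if name.strip().lower() == key:
                return value.strip()
    return None

def check_dc(own_ip, fqdn, hosts, resolv, smb):
    """Apply the three per-DC checks from the thread; return a list of findings."""
    findings = []
    dns_domain = (smb_global(smb, "realm") or "").lower()  # assumption: realm == DNS domain
    fields = [l.split() for l in resolv.splitlines() if l.split()]
    nameservers = [f[1] for f in fields if f[0] == "nameserver" and len(f) > 1]
    if nameservers[:1] != [own_ip]:
        findings.append("resolv.conf: first nameserver is not this DC")
    if any(f[0] == "search" and fqdn in (d.lower() for d in f[1:]) for f in fields):
        findings.append("resolv.conf: search lists the DC hostname, not the DNS domain")
    for f in (l.split("#")[0].split() for l in hosts.splitlines()):
        other = len(f) > 1 and f[0] not in (own_ip, "127.0.0.1", "::1")
        if other and any(n.lower().endswith("." + dns_domain) for n in f[1:]):
            findings.append("hosts: entry for another host in the AD domain: " + f[1])
    return findings

def same_domain(smb_a, smb_b):
    """True when two DCs share realm and workgroup, i.e. one AD domain, not two."""
    return all((smb_global(smb_a, k) or "").lower() == (smb_global(smb_b, k) or "").lower()
               for k in ("realm", "workgroup"))

# Sample input: values copied from the configs quoted in this thread.
OLD_SMB = "[global]\nnetbios name = AD\nrealm = DOMAIN.INTRANET\nworkgroup = DOMAIN\n"
NEW_SMB = "[global]\nnetbios name = DOMAIN-AD\nrealm = DOMAIN.INTRANET\nworkgroup = DOMAIN\n"
OLD_HOSTS = ("127.0.0.1 localhost\n192.168.0.17 ad.domain.intranet ad\n"
             "192.168.0.21 domain-ad.domain.intranet domain-ad\n")
OLD_RESOLV = "domain Hitronhub.home\nsearch Hitronhub.home\nnameserver 192.168.0.1\n"
NEW_HOSTS = "127.0.0.1 localhost\n192.168.0.11 domain-ad.domain.intranet domain-ad\n"
NEW_RESOLV = "domain domain.intranet\nsearch domain-ad.domain.intranet\nnameserver 192.168.0.11\n"

if __name__ == "__main__":
    for name, args in (("old", ("192.168.0.17", "ad.domain.intranet", OLD_HOSTS, OLD_RESOLV, OLD_SMB)),
                       ("new", ("192.168.0.11", "domain-ad.domain.intranet", NEW_HOSTS, NEW_RESOLV, NEW_SMB))):
        for finding in check_dc(*args):
            print(name, "DC:", finding)
    print("same realm and workgroup:", same_domain(OLD_SMB, NEW_SMB))
```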