[Samba] accessing foreign AD users to NT domain

Rowland penny rpenny at samba.org
Mon Aug 24 14:32:58 UTC 2020

On 24/08/2020 15:02, Piviul via samba wrote:
> Hi all, I'm planning to migrate a NT domain to a AD domain. Someone 
> suggested me to create a new AD domain,

Who was this 'someone' ? I ask because the correct way of doing this is 
to run 'samba-tool domain classicupgrade', we even have a wikipage:


> then add manually users to AD with the same username and password of 
> the NT domain and then join every PC to the new AD domain. This way 
> the migration should be flawlessly because in a windows network a user 
> can works on foreign resources (resources that are shared from server 
> joined to other domains) if he shares same username and password. On 
> my network that's doesn't seems to works.
Your users and groups in your new AD domain are not the same users and 
groups as in your old NT4-style domain.
> I have a samba3 (4.1.17-Debian) NT domain, I have a new AD domain 
> (4.10.4) and I have a user in AD domain with the same credentials in 
> the NT domain. I have joined a  windows PC to the AD domain and when 
> the user logon to the PC he can successfully works on all pc/server 
> _windows_ shares joined to NT domain but can't on _samba_ shares 
> joined to the NT domain.
Just because they use the same password does not make them the same user.
> Please can someone help me to troubleshoot the problem?

Yes, stop listening to spurious people who have never done the upgrade 
and follow our documentation ;-)


More information about the samba mailing list