[Samba] accessing foreign AD users to NT domain
Marco Gaiarin
gaio at sv.lnf.it
Mon Aug 24 15:18:08 UTC 2020
Mandi! Rowland penny via samba
In chel di` si favelave...
> Who was this 'someone' ?
[...]
> Yes, stop listening to spurious people who have never done the upgrade and
> follow our documentation ;-)
I'm 'someone'! ;-)
And, as you know, i've correctly migrated/merged 4 NT domains in an AD
domain some year ago, following also hint from this list. ;-)
> I ask because the correct way of doing this is to
> run 'samba-tool domain classicupgrade', we even have a wikipage:
> https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)
As just discussed in this list, while 'classicupgrade' is clearly the
main path for a migration, pose some glitches.
- there's no 'merge' of multiple domains
- it is a go/no go tool, there's no way back.
So bulding a new domain is a, surely, longer path, but, at least for
me, smoothest one.
> Your users and groups in your new AD domain are not the same users and
> groups as in your old NT4-style domain.
[...]
> Just because they use the same password does not make them the same user.
Sure. But ACL are evaluated 'locally' to the server we are connecting,
so we can buld a totally differend domain, with different goups and
ACLs, this is not the point.
The point here is that, as Louis say, something changed in
samba/windows client os and something that worked without trouble with
Win7/samba4.5 two years ago seems does not work now.
I've suggested also to Paolo to:
+ enable on servers/domain members 'winbind use default domain = yes'
+ try to access shares with IP, to (try to) 'disable' kerberos auth
If was Win10, surely also SMB1 have to be enabled, but seems that also
Win7 does not work anymore... so we are asking here...
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list