[Samba] How to convert stand-alone samba servers to join existing Windows Active Directory domain

tbuchanan at vinu.edu tbuchanan at vinu.edu
Fri Sep 11 18:32:36 UTC 2020 

Thank you Rowland and Robert for your comments giving food for thought. 
Even after I asked the question, I realized that our Active Directory ID 
does not match the user IDs on the samba servers so that adds another 
variable.



From:   "Rowland penny via samba" <samba at lists.samba.org>
To:     samba at lists.samba.org
Date:   09/11/2020 02:08 PM
Subject:        Re: [Samba] How to convert stand-alone samba servers to 
join existing Windows Active Directory domain
Sent by:        "samba" <samba-bounces at lists.samba.org>



On 10/09/2020 20:28, Ted Buchanan via samba wrote:
> We have multiple stand-alone samba (4.2.10 and 4.10.4) file sharing
> servers with hundreds of local users on each server (not the same on all
> samba servers) in a CentOS/Oracle Linux (6 and 7) network.  We would 
like
> to convert these stand-alone servers to join an existing Windows based 
AD
> domain without losing data or ownership/permission metadata on these
> servers.  Is there a guide for doing so or can someone give the steps
> necessary to accomplish this task?  I see in the samba wiki how to set 
up
> samba as a domain controller or stand-alone server but nothing really on
> how to convert from stand-alone to domain member.  I am not real 
familiar
> with the Active Directory side of things so perhaps I'm not asking the
> right questions or looking in the right places.  Thank you in advance.
>
I meant to reply to this earlier, but got sidetracked ;-)

Not sure you can do this easily, yes, you might have the same users on 
some of the standalone servers, but do they have the same numeric ID on 
each of them ?

Lets say you have the user 'fred' who is a Unix & Samba user on 
computers A,B & D, but not on C

On A, he has the ID '1005'

On B, he has the ID '1764'

On D, he has the ID '1067'

When you create your AD domain, you will have to recreate your users and 
delete them from /etc/passwd on the standalone servers when you join 
them to the domain, so which uidNumber attribute contents will you give 
'fred' ?

If you choose '1005' there is a good chance that it will clash with 
another user from B, or C, or D, the same goes for the other two ID's

I feel the only way out of this problem is to create a new AD domain. 
Create your users in AD with new ID's (preferably from 10000 upwards) 
and then chown the files on the standalone servers after you have joined 
them to domain. Presumably after writing a script to do the chown.

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list