[Samba] nt4/sssd to AD/winbind migration fail

Dale samba at txschroeder.family
Mon Jan 18 23:04:00 UTC 2021

On 1/18/21 4:45 PM, Rowland penny via samba wrote:
> On 18/01/2021 22:11, Dale via samba wrote:
>> I had an LMDE2 NT4 domain member using Samba 4.2.x with SSSD.  I 
>> upgraded LMDE to version 3 then 4 which brings me up to Samba 4.9.5, 
>> as LMDE4 is based on Debian Buster.  All SSSD packages were purged, 
>> as well as a Heimdal kerberos package.  I attempted to add Louis' 
>> repo, but when the dist-upgrade was run, the process wanted to remove 
>> a GUI text editor that I didn't want to lose; therefore, I stayed at 
>> 4.9.5.
> I am fairly sure that removing the editor had nothing to do with 
> Louis's repo. I suggest you find out what is causing this, fix it and 
> then upgrade Samba.
The editor is somehow tied to the distro's Samba.  Simply removing the 
existing Samba packages causes the editor to be removed. Perhaps, it can 
be reinstalled after upgrading.
>> The issue I am having is that samba is still seeing the old domain, 
>> causing it to ignore my idmap_ad range for the domain and giving 
>> users a value in the built-in range.  In fact, testparm tells me that 
>> I have an invalid domain range for the new domain:
>> idmap range not specified for domain 'old_domain'
>> ERROR: Invalid idmap range for domain WORKGROUP!
> It sounds like you created a new AD domain, so did your Unix domain 
> member leave the old domain and then join the new one?
Yes, a new AD domain.  The old domain was using security=domain, and I 
don't know of an equivalent to "net ads leave" for that configuration, 
so no, I didn't leave the domain.  For what it's worth, I didn't "leave" 
the domain on the other system either.  That migration just worked, but 
it was much easier, not having all the GUI issues that desktop distros have.

I think I'll try starting over with a fresh install of samba.  At this 
point there's nothing to lose.

> Rowland
