[Samba] Migration 3.5 to 4.x, realm identical to domain

[Philippe Maladjian]

Le mardi 31 mai 2022 à 16:45 +0100, Rowland Penny via samba a écrit :
> On Tue, 2022-05-31 at 16:17 +0200, Philippe Maladjian via samba
> wrote:
> > In order to comply with the recommendations, I thought of renaming
> > the
> > domain with my external domain (mondomaine.fr) and adding a prefix
> > for
> > the AD domain.
> > 
> > Currently the Samba 3 domain is: dom.mondomain
> > TLD after migration: mondomaine.fr
> 
> No, the TLD would be 'fr'. 'TLD' is short for 'Top Level Domain'
> 
> > Realm: nomrue205.mondomaine.fr
> 
> No, that would be the dns domain name, the realm is that in uppercase
> 'NOMRUE205.MONODOMAINE.FR'
> 
> > AD domain: nomrue205
> 
> No, that would be the Netbios domain name (aka workgroup)
> 
> Sorry to be a bit pedantic about this, but it saves problems in the
> long term :-)

No problem, these are notions that I don't necessarily master well so I
have no problem being taken up on the subject ;)

> 
> > 
> > Can I do this through a classic update?
> 
> Again, no, you need to do all this before the classic upgrade, which
> is
> one of the reasons we suggest doing a trial upgrade before doing it
> for
> real, you find all the problems before destroying your production
> domain.

That's exactly what I do. I copied the VM from my samba 3.5 and created
a VM of a user station, all placed in a dedicated network that does not
communicate with the prod network. After adding the VM pc to the domain
at 3.5 test, I make several connection/disconnection attempts to make
sure that the rights management works correctly.

To perform the migration by changing the domain name I should follow
this procedure:
- take the test pc out of the domain;
- stop samba;
- change the workgroup name in smb.conf;
- modify LDAP data by replacing the old domain (dom.mondomain) with the
new one (nomrue205);
- restart samba;
- reintegrate the test pc.

Won't I encounter a problem with user and machine SIDs?

> 
> Rowland
> 

Philippe.

> 
>