[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).

Rowland Penny rpenny at samba.org
Fri Nov 25 21:25:21 UTC 2022

On 25/11/2022 20:45, Juan Ignacio wrote:
> Rowland I did that setup for a new unix member server and test.
> [global]
>          log file = /var/log/samba/%m.log
>          log level = 1
>          realm = OURDOMAIN.ORG <http://OURSERVER.ORG>
>          security = ADS
>          server role = member server
>          username map = /etc/samba/user.map
>          workgroup = OURDOMAIN
>          idmap config ourserver: range = 10000-9999999
>                   idmap config ourserver: backend = rid

I do not think you are getting this, you need both sets of the idmap 
config lines, you have two domains, the default domain '*' and the 
'OURDOMAIN' domain, so you should have these lines:

        idmap config * : backend = tdb
        idmap config * : range = 3000-7999
        idmap config OURDOMAIN : backend = rid
        idmap config OURDOMAIN : range = 10000-9999999

> After install everything needed and start services and join i cannot get 
> nothing from getent passwd OURDOMAIN\\user

You will not, part of which is that 'ourserver' != 'OURDOMAIN'

>   I got users if i use wbinfo -u

That is a bit meaningless, wbinfo reads directly from AD, Unix is not 

> Another thing is when i check with the command wbinfo --ping-dc
> I got
> checking the NETLOGON for domain[OURDOMAIN] dc connection to "DC1.OURDOMAIN.ORG  <http://DC1.OURDOMAIN.ORG>" succeeded
> DC1 is the old ad-dc who has Samba 4.1..
> I want the new one DC2 why is not connected to this DC

Probably if you keep trying, DC2 will reply, Winbind will use the DC it 
thinks is best, this is influenced by the first nameserver in 


More information about the samba mailing list