Environment
Novell Open Enterprise Server 2 SP1 (OES2SP1)
Novell Open Enterprise Server 2 SP2 (OES2SP2)
Novell Open Enterprise Server 11 (OES11)
Novell Open Enterprise Server 2 SP2 (OES2SP2)
Novell Open Enterprise Server 11 (OES11)
Domain Services for Windows
DSFW
DSFW
Situation
How do I rename the netbios name for a DSfW domain?
Unable to create a trust with an AD domain because of duplicate netbios name. Receive error "This operation can not be performed on the current domain"
When creating the DSfW domain received message "NETbios name already exist", but continued with the install.
Now find conflict with a different domain with the same netbios name.
Unable to create a trust with an AD domain because of duplicate netbios name. Receive error "This operation can not be performed on the current domain"
When creating the DSfW domain received message "NETbios name already exist", but continued with the install.
Now find conflict with a different domain with the same netbios name.
Resolution
The netbios name can be renamed with 5 easy steps. This needs to be done on all domain controllers in the domain.
1. In /etc/samba/smb.conf
In [Global] section change the "workgroup"
attribute to the new netbios name.
2. In Domain Controller Object
servicePrincipalName attribute has to be changed.
Look for HOST/dcname.raa.com/RAA and
LDAP/dcname.raa.com/RAA change them to
HOST/dcname.raa.com/RAADSFW
LDAP/dcname.raa.com/RAADSFW
The domain controller object can be found under
ou=Domain Controllers,dc=raa,dc=com
3. The CrossRef object has to be renamed.
You will find this object under
cn=RAA,cn=partitions,cn=configuration,dc=raa,dc=com
Rename this to cn=RAADSFW,cn=partitions....
4. Inside this crossref object
cn=RAADSFW,cn=partitions,cn=configuration,dc=raa,dc=com
there is an attribute named 'nETBIOSName'; change that to the new
netbios name.
5. Edit the /etc/opt/novell/xad/xad.ini and update the Netbios Name = to the new DSfW name (not necessary since this field is not read by the domain, but it is a good idea to keep it consistent).
1. In /etc/samba/smb.conf
In [Global] section change the "workgroup"
attribute to the new netbios name.
2. In Domain Controller Object
servicePrincipalName attribute has to be changed.
Look for HOST/dcname.raa.com/RAA and
LDAP/dcname.raa.com/RAA change them to
HOST/dcname.raa.com/RAADSFW
LDAP/dcname.raa.com/RAADSFW
The domain controller object can be found under
ou=Domain Controllers,dc=raa,dc=com
3. The CrossRef object has to be renamed.
You will find this object under
cn=RAA,cn=partitions,cn=configuration,dc=raa,dc=com
Rename this to cn=RAADSFW,cn=partitions....
4. Inside this crossref object
cn=RAADSFW,cn=partitions,cn=configuration,dc=raa,dc=com
there is an attribute named 'nETBIOSName'; change that to the new
netbios name.
5. Edit the /etc/opt/novell/xad/xad.ini and update the Netbios Name = to the new DSfW name (not necessary since this field is not read by the domain, but it is a good idea to keep it consistent).
6. Do a xadcntrl reload.
Make sure the new netbios name is available by doing an nmblookup.
Below is a script that will change the netbios name for the FRD and ADC DSfW servers. Simply create a file called change_netbios.sh, cut and paste the following, change the permissions on the file to be executable, and get a kerberos ticket before running the script.
# Create the (still empty) file that the script listing below is pasted into.
touch /root/bin/change_netbios.sh
# Make the script executable. Mode 755 also grants read and execute to group
# and others; 700 is sufficient if only root is meant to run it.
chmod 755 /root/bin/change_netbios.sh
# Obtain a Kerberos ticket for administrator; the script's LDAP operations
# authenticate with GSSAPI and need a valid ticket.
kinit administrator
#!/bin/sh
#########################################################################
#
# (C) Copyright 2010 Novell, Inc.
# All Rights Reserved.
#
# This program is an unpublished copyrighted work which is proprietary
# to Novell, Inc. and contains confidential information that is not
# to be reproduced or disclosed to any other person or entity without
# prior written consent from Novell, Inc. in each and every instance.
#
# WARNING: Unauthorized reproduction of this program as well as
# unauthorized preparation of derivative works based upon the
# program or distribution of copies by sale, rental, lease or
# lending are violations of federal copyright laws and state trade
# secret laws, punishable by civil and criminal penalties.
#
#########################################################################
# Filled in later: the name read from smb.conf and the name typed by the
# operator.
old_netbios=""
new_netbios=""
# Query the printConfigKey.pl helper once per configuration key.
# NOTE(review): none of these lookups is checked; an empty result flows
# straight into the DNs and paths built from it.
domain=$(/opt/novell/xad/share/dcinit/printConfigKey.pl 'Root Domain')
domain_nc=$(/opt/novell/xad/share/dcinit/printConfigKey.pl 'Domain NC')
hostname=$(/opt/novell/xad/share/dcinit/printConfigKey.pl 'DNS Host Name')
uhostname=$(/opt/novell/xad/share/dcinit/printConfigKey.pl 'DNS Unqualified Host Name')
lib=$(/opt/novell/xad/share/dcinit/printConfigKey.pl '_LIB')
# DN of this server's object under the Domain Controllers container.
domcntrldn="cn=${uhostname},ou=Domain Controllers,${domain_nc}"
# Exported so the LDAP client tools started below see this SASL plugin path.
export SASL_PATH="/opt/novell/xad/${lib}/sasl2/"
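#######################################
# Read the current netbios name from smb.conf and print it.
# Only the first real "workgroup = ..." assignment is used: the match is
# anchored to the start of the line, so commented-out examples and other
# lines that merely mention "workgroup" are ignored, and it is
# case-insensitive. Trailing whitespace is stripped from the value.
# Globals:   old_netbios (written)
# Outputs:   the current name on stdout; an error on stderr
# Returns:   exits 1 when no workgroup value is found, because every later
#            step builds DNs and LDIF from old_netbios.
#######################################
print_netbios() {
  # The I address modifier is a GNU sed extension, like the \s and -i that
  # this script already relies on.
  old_netbios=$(sed -n '/^[[:space:]]*workgroup[[:space:]]*=/I {
    s/^[^=]*=[[:space:]]*//
    s/[[:space:]]*$//
    p
    q
  }' /etc/samba/smb.conf)
  printf '\nThe current netbios name is: %s\n' "$old_netbios"
  if [ -z "$old_netbios" ]; then
    echo "Could not read a workgroup value from /etc/samba/smb.conf; aborting." >&2
    exit 1
  fi
}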
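#######################################
# Prompt for the new netbios name until a usable one is entered.
# The value is later placed unescaped into LDIF, a DN and sed replacement
# text, so it is restricted here to 1-15 characters from letters, digits,
# '.', '_' and '-', starting with a letter or digit. This is deliberately
# stricter than what NetBIOS itself may accept.
# Globals:   new_netbios (written)
# Outputs:   prompt on stdout; validation errors on stderr
# Returns:   0 once a valid name is stored; exits 1 when input ends first.
#######################################
read_netbios() {
  while :; do
    printf 'Enter the new netbios name:'
    # -r keeps backslashes literal. A failed read with nothing captured
    # means end of input; stop instead of continuing with an empty name.
    if ! read -r new_netbios && [ -z "$new_netbios" ]; then
      echo "No netbios name supplied; aborting." >&2
      exit 1
    fi
    case $new_netbios in
      '' | [!A-Za-z0-9]* | *[!A-Za-z0-9._-]*) ;;
      *)
        if [ "${#new_netbios}" -le 15 ]; then
          return 0
        fi
        ;;
    esac
    echo "Invalid netbios name: use 1-15 letters, digits, '.', '_' or '-', starting with a letter or digit." >&2
  done
}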
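#######################################
# Replace the netbios suffix in the HOST/ and ldap/ servicePrincipalName
# values of this server's domain controller object.
# Two LDIF records are sent: one deleting the old values, one adding the
# new ones. They are separated by a blank line, as LDIF requires between
# records. ldapmodify runs with -c, so the add is still attempted when the
# delete fails.
# Globals:   domcntrldn, hostname, old_netbios, new_netbios (read)
# Outputs:   progress on stdout; errors on stderr
# Returns:   exits 1 when a required value is empty or ldapmodify reports
#            an error.
#######################################
change_service_principal_name() {
  # An empty value would yield a malformed DN or SPN; stop before any write.
  if [ -z "$domcntrldn" ] || [ -z "$hostname" ] ||
    [ -z "$old_netbios" ] || [ -z "$new_netbios" ]; then
    echo "change_service_principal_name: a required value is empty; aborting." >&2
    exit 1
  fi
  printf '\nChanging netbios in serviceprincipalname in Domain Controller Object\n\n'
  # A here-document passes the values through without any escape processing.
  ldapmodify -Y GSSAPI -c <<EOF
dn: $domcntrldn
changetype: modify
delete: serviceprincipalname
serviceprincipalname: HOST/$hostname/$old_netbios
serviceprincipalname: ldap/$hostname/$old_netbios

dn: $domcntrldn
changetype: modify
add: serviceprincipalname
serviceprincipalname: HOST/$hostname/$new_netbios
serviceprincipalname: ldap/$hostname/$new_netbios
EOF
  # "exit -1" is not a valid status in POSIX sh; use a plain non-zero code.
  if [ $? -ne 0 ]; then
    echo "ldapmodify failed while updating serviceprincipalname; aborting." >&2
    exit 1
  fi
}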
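#######################################
# Set the nETBIOSName attribute of the crossref object to the new name.
# The LDIF is fed through a here-document rather than "echo -e", so that
# backslash sequences inside a DN or name are sent as typed instead of
# being turned into control characters.
# Globals:   old_netbios, new_netbios, domain_nc (read); crossrefdn (written)
# Outputs:   progress on stdout; errors on stderr
# Returns:   1 when a required value is empty, otherwise ldapmodify's status.
#######################################
change_crossref_attr() {
  if [ -z "$old_netbios" ] || [ -z "$new_netbios" ] || [ -z "$domain_nc" ]; then
    echo "change_crossref_attr: a required value is empty; nothing changed." >&2
    return 1
  fi
  printf '\nChanging the nETBIOSName attribute in crossref object \n\n'
  crossrefdn="cn=$old_netbios,cn=Partitions,cn=configuration,$domain_nc"
  ldapmodify -Y GSSAPI <<EOF
dn: $crossrefdn
changetype: modify
replace: nETBIOSName
nETBIOSName: $new_netbios
EOF
}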
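#######################################
# Rename the crossref object so that its cn is the new netbios name.
# ldapmodrdn receives the current DN and the new RDN on two input lines.
# printf '%s\n' writes both values literally; "echo -e" would expand
# backslash sequences contained in them.
# Globals:   old_netbios, new_netbios, domain_nc (read); crossrefdn (written)
# Outputs:   progress on stdout; errors on stderr
# Returns:   1 when a required value is empty, otherwise ldapmodrdn's status.
#######################################
rename_crossref() {
  if [ -z "$old_netbios" ] || [ -z "$new_netbios" ] || [ -z "$domain_nc" ]; then
    echo "rename_crossref: a required value is empty; nothing renamed." >&2
    return 1
  fi
  printf '\nRenaming the crossref object to new netbios name\n\n'
  crossrefdn="cn=$old_netbios,cn=Partitions,cn=configuration,$domain_nc"
  printf '%s\n' "$crossrefdn" "cn=$new_netbios" | ldapmodrdn -Y GSSAPI -r
}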
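#######################################
# Write the new netbios name into smb.conf and xad.ini.
# new_netbios is spliced into sed replacement text, where '/', '&' and '\'
# are special, so any name outside letters, digits, '.', '_' and '-' is
# refused before a file is touched.
# The smb.conf expression is anchored to the start of the line and is
# case-insensitive: commented-out examples are left alone and a
# "Workgroup = ..." spelling is still updated.
# Globals:   new_netbios (read)
# Outputs:   progress on stdout; errors on stderr
# Returns:   0 when both files were edited, 1 otherwise.
#######################################
change_file() {
  case $new_netbios in
    '' | *[!A-Za-z0-9._-]*)
      echo "change_file: refusing to write an empty or unsafe netbios name." >&2
      return 1
      ;;
  esac
  printf '\nChanging in smb.conf and xad.ini file\n\n'
  rc=0
  # \s, \t, the I flag and -i are GNU sed features.
  sed -i "s/^\s*workgroup\s*=.*/\tworkgroup = $new_netbios/I" /etc/samba/smb.conf || rc=1
  sed -i "s/Netbios Name.*/Netbios Name = $new_netbios/" /etc/opt/novell/xad/xad.ini || rc=1
  return "$rc"
}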
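#######################################
# Run the rename: service principal names, then (only on the server listed
# in the PDC SRV record) the crossref object, then the local config files.
# The SRV lookup is read-only and is done first, so a failed lookup stops
# the run before anything is modified instead of silently skipping the
# crossref steps. The host name is compared as a fixed string, so its dots
# are not treated as regex wildcards.
# Globals:   domain, hostname (read); pdc_records (written)
# Outputs:   progress on stdout; errors on stderr
# Returns:   status of change_file; exits 1 when the lookup or a crossref
#            step fails, leaving smb.conf and xad.ini untouched.
#######################################
change_netbios() {
  if [ -z "$hostname" ] || [ -z "$domain" ]; then
    echo "change_netbios: host name or domain is empty; aborting before any change." >&2
    exit 1
  fi
  # NOTE(review): relies on dig exiting non-zero when it gets no reply.
  if ! pdc_records=$(dig "_ldap._tcp.pdc._msdcs.$domain" srv +short); then
    echo "change_netbios: PDC SRV lookup failed; aborting before any change." >&2
    exit 1
  fi
  # Change the SPNs on the domain controller object.
  change_service_principal_name
  # Crossref objects are domain specific, so only the server named in the
  # PDC SRV record changes them.
  if printf '%s\n' "$pdc_records" | grep -i -q -F -- "$hostname"; then
    # Change the nETBIOSName attribute in the crossref object.
    if ! change_crossref_attr; then
      echo "change_netbios: crossref attribute update failed; config files left unchanged." >&2
      exit 1
    fi
    # Rename the crossref object itself.
    if ! rename_crossref; then
      echo "change_netbios: crossref rename failed; config files left unchanged." >&2
      exit 1
    fi
  fi
  # Change smb.conf and xad.ini.
  change_file
}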
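#######################################
# Remind the operator to repeat the change on the other domain controllers.
# Counts the lines dig prints for the domain name; more than one line is
# taken to mean that the domain has several domain controllers.
# Globals:   domain (read); dc_count (written)
# Outputs:   a bold "Important:" notice on stdout when the count exceeds 1
# Returns:   0
#######################################
warn_if_adc() {
  # Without a domain name there is nothing meaningful to look up.
  if [ -z "$domain" ]; then
    return 0
  fi
  dc_count=$(dig "$domain" +short +time=10 | wc -l)
  if [ "$dc_count" -gt 1 ]; then
    printf '\033[1m\nImportant: \033[0m'
    echo "This domain has more than one domain controller."
    printf 'Make sure to run this script in other domain controllers as well\n\n'
  fi
}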
# Banner in bold, then reset the terminal attributes.
printf '\033[1m\nThis utility will change the current netbios to a newname\n'
printf '\033[0m\n'
# The LDAP tools authenticate with the caller's Kerberos ticket.
printf '%s\n' \
  "This utility uses GSSAPI method for ldap operation." \
  "Make sure a valid ticket is available before proceeding"
# Show the current name, ask for the new one, then apply the change.
print_netbios
read_netbios
change_netbios
# Reload the services, then remind about other domain controllers.
printf '\nRestarting the services\n\n'
xadcntrl reload
warn_if_adc
Make sure the new netbios name is available by doing an nmblookup.
Below is a script that will change the netbios name for the FRD and ADC DSfW servers. Simply create a file called change_netbios.sh, cut and paste the following, change the permissions on the file to be executable, and get a kerberos ticket before running the script.
# Create the (still empty) file that the script listing below is pasted into.
touch /root/bin/change_netbios.sh
# Make the script executable. Mode 755 also grants read and execute to group
# and others; 700 is sufficient if only root is meant to run it.
chmod 755 /root/bin/change_netbios.sh
# Obtain a Kerberos ticket for administrator; the script's LDAP operations
# authenticate with GSSAPI and need a valid ticket.
kinit administrator
#!/bin/sh
#########################################################################
#
# (C) Copyright 2010 Novell, Inc.
# All Rights Reserved.
#
# This program is an unpublished copyrighted work which is proprietary
# to Novell, Inc. and contains confidential information that is not
# to be reproduced or disclosed to any other person or entity without
# prior written consent from Novell, Inc. in each and every instance.
#
# WARNING: Unauthorized reproduction of this program as well as
# unauthorized preparation of derivative works based upon the
# program or distribution of copies by sale, rental, lease or
# lending are violations of federal copyright laws and state trade
# secret laws, punishable by civil and criminal penalties.
#
#########################################################################
# Filled in later: the name read from smb.conf and the name typed by the
# operator.
old_netbios=""
new_netbios=""
# Query the printConfigKey.pl helper once per configuration key.
# NOTE(review): none of these lookups is checked; an empty result flows
# straight into the DNs and paths built from it.
domain=$(/opt/novell/xad/share/dcinit/printConfigKey.pl 'Root Domain')
domain_nc=$(/opt/novell/xad/share/dcinit/printConfigKey.pl 'Domain NC')
hostname=$(/opt/novell/xad/share/dcinit/printConfigKey.pl 'DNS Host Name')
uhostname=$(/opt/novell/xad/share/dcinit/printConfigKey.pl 'DNS Unqualified Host Name')
lib=$(/opt/novell/xad/share/dcinit/printConfigKey.pl '_LIB')
# DN of this server's object under the Domain Controllers container.
domcntrldn="cn=${uhostname},ou=Domain Controllers,${domain_nc}"
# Exported so the LDAP client tools started below see this SASL plugin path.
export SASL_PATH="/opt/novell/xad/${lib}/sasl2/"
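#######################################
# Read the current netbios name from smb.conf and print it.
# Only the first real "workgroup = ..." assignment is used: the match is
# anchored to the start of the line, so commented-out examples and other
# lines that merely mention "workgroup" are ignored, and it is
# case-insensitive. Trailing whitespace is stripped from the value.
# Globals:   old_netbios (written)
# Outputs:   the current name on stdout; an error on stderr
# Returns:   exits 1 when no workgroup value is found, because every later
#            step builds DNs and LDIF from old_netbios.
#######################################
print_netbios() {
  # The I address modifier is a GNU sed extension, like the \s and -i that
  # this script already relies on.
  old_netbios=$(sed -n '/^[[:space:]]*workgroup[[:space:]]*=/I {
    s/^[^=]*=[[:space:]]*//
    s/[[:space:]]*$//
    p
    q
  }' /etc/samba/smb.conf)
  printf '\nThe current netbios name is: %s\n' "$old_netbios"
  if [ -z "$old_netbios" ]; then
    echo "Could not read a workgroup value from /etc/samba/smb.conf; aborting." >&2
    exit 1
  fi
}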
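#######################################
# Prompt for the new netbios name until a usable one is entered.
# The value is later placed unescaped into LDIF, a DN and sed replacement
# text, so it is restricted here to 1-15 characters from letters, digits,
# '.', '_' and '-', starting with a letter or digit. This is deliberately
# stricter than what NetBIOS itself may accept.
# Globals:   new_netbios (written)
# Outputs:   prompt on stdout; validation errors on stderr
# Returns:   0 once a valid name is stored; exits 1 when input ends first.
#######################################
read_netbios() {
  while :; do
    printf 'Enter the new netbios name:'
    # -r keeps backslashes literal. A failed read with nothing captured
    # means end of input; stop instead of continuing with an empty name.
    if ! read -r new_netbios && [ -z "$new_netbios" ]; then
      echo "No netbios name supplied; aborting." >&2
      exit 1
    fi
    case $new_netbios in
      '' | [!A-Za-z0-9]* | *[!A-Za-z0-9._-]*) ;;
      *)
        if [ "${#new_netbios}" -le 15 ]; then
          return 0
        fi
        ;;
    esac
    echo "Invalid netbios name: use 1-15 letters, digits, '.', '_' or '-', starting with a letter or digit." >&2
  done
}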
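#######################################
# Replace the netbios suffix in the HOST/ and ldap/ servicePrincipalName
# values of this server's domain controller object.
# Two LDIF records are sent: one deleting the old values, one adding the
# new ones. They are separated by a blank line, as LDIF requires between
# records. ldapmodify runs with -c, so the add is still attempted when the
# delete fails.
# Globals:   domcntrldn, hostname, old_netbios, new_netbios (read)
# Outputs:   progress on stdout; errors on stderr
# Returns:   exits 1 when a required value is empty or ldapmodify reports
#            an error.
#######################################
change_service_principal_name() {
  # An empty value would yield a malformed DN or SPN; stop before any write.
  if [ -z "$domcntrldn" ] || [ -z "$hostname" ] ||
    [ -z "$old_netbios" ] || [ -z "$new_netbios" ]; then
    echo "change_service_principal_name: a required value is empty; aborting." >&2
    exit 1
  fi
  printf '\nChanging netbios in serviceprincipalname in Domain Controller Object\n\n'
  # A here-document passes the values through without any escape processing.
  ldapmodify -Y GSSAPI -c <<EOF
dn: $domcntrldn
changetype: modify
delete: serviceprincipalname
serviceprincipalname: HOST/$hostname/$old_netbios
serviceprincipalname: ldap/$hostname/$old_netbios

dn: $domcntrldn
changetype: modify
add: serviceprincipalname
serviceprincipalname: HOST/$hostname/$new_netbios
serviceprincipalname: ldap/$hostname/$new_netbios
EOF
  # "exit -1" is not a valid status in POSIX sh; use a plain non-zero code.
  if [ $? -ne 0 ]; then
    echo "ldapmodify failed while updating serviceprincipalname; aborting." >&2
    exit 1
  fi
}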
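#######################################
# Set the nETBIOSName attribute of the crossref object to the new name.
# The LDIF is fed through a here-document rather than "echo -e", so that
# backslash sequences inside a DN or name are sent as typed instead of
# being turned into control characters.
# Globals:   old_netbios, new_netbios, domain_nc (read); crossrefdn (written)
# Outputs:   progress on stdout; errors on stderr
# Returns:   1 when a required value is empty, otherwise ldapmodify's status.
#######################################
change_crossref_attr() {
  if [ -z "$old_netbios" ] || [ -z "$new_netbios" ] || [ -z "$domain_nc" ]; then
    echo "change_crossref_attr: a required value is empty; nothing changed." >&2
    return 1
  fi
  printf '\nChanging the nETBIOSName attribute in crossref object \n\n'
  crossrefdn="cn=$old_netbios,cn=Partitions,cn=configuration,$domain_nc"
  ldapmodify -Y GSSAPI <<EOF
dn: $crossrefdn
changetype: modify
replace: nETBIOSName
nETBIOSName: $new_netbios
EOF
}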
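#######################################
# Rename the crossref object so that its cn is the new netbios name.
# ldapmodrdn receives the current DN and the new RDN on two input lines.
# printf '%s\n' writes both values literally; "echo -e" would expand
# backslash sequences contained in them.
# Globals:   old_netbios, new_netbios, domain_nc (read); crossrefdn (written)
# Outputs:   progress on stdout; errors on stderr
# Returns:   1 when a required value is empty, otherwise ldapmodrdn's status.
#######################################
rename_crossref() {
  if [ -z "$old_netbios" ] || [ -z "$new_netbios" ] || [ -z "$domain_nc" ]; then
    echo "rename_crossref: a required value is empty; nothing renamed." >&2
    return 1
  fi
  printf '\nRenaming the crossref object to new netbios name\n\n'
  crossrefdn="cn=$old_netbios,cn=Partitions,cn=configuration,$domain_nc"
  printf '%s\n' "$crossrefdn" "cn=$new_netbios" | ldapmodrdn -Y GSSAPI -r
}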
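#######################################
# Write the new netbios name into smb.conf and xad.ini.
# new_netbios is spliced into sed replacement text, where '/', '&' and '\'
# are special, so any name outside letters, digits, '.', '_' and '-' is
# refused before a file is touched.
# The smb.conf expression is anchored to the start of the line and is
# case-insensitive: commented-out examples are left alone and a
# "Workgroup = ..." spelling is still updated.
# Globals:   new_netbios (read)
# Outputs:   progress on stdout; errors on stderr
# Returns:   0 when both files were edited, 1 otherwise.
#######################################
change_file() {
  case $new_netbios in
    '' | *[!A-Za-z0-9._-]*)
      echo "change_file: refusing to write an empty or unsafe netbios name." >&2
      return 1
      ;;
  esac
  printf '\nChanging in smb.conf and xad.ini file\n\n'
  rc=0
  # \s, \t, the I flag and -i are GNU sed features.
  sed -i "s/^\s*workgroup\s*=.*/\tworkgroup = $new_netbios/I" /etc/samba/smb.conf || rc=1
  sed -i "s/Netbios Name.*/Netbios Name = $new_netbios/" /etc/opt/novell/xad/xad.ini || rc=1
  return "$rc"
}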
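#######################################
# Run the rename: service principal names, then (only on the server listed
# in the PDC SRV record) the crossref object, then the local config files.
# The SRV lookup is read-only and is done first, so a failed lookup stops
# the run before anything is modified instead of silently skipping the
# crossref steps. The host name is compared as a fixed string, so its dots
# are not treated as regex wildcards.
# Globals:   domain, hostname (read); pdc_records (written)
# Outputs:   progress on stdout; errors on stderr
# Returns:   status of change_file; exits 1 when the lookup or a crossref
#            step fails, leaving smb.conf and xad.ini untouched.
#######################################
change_netbios() {
  if [ -z "$hostname" ] || [ -z "$domain" ]; then
    echo "change_netbios: host name or domain is empty; aborting before any change." >&2
    exit 1
  fi
  # NOTE(review): relies on dig exiting non-zero when it gets no reply.
  if ! pdc_records=$(dig "_ldap._tcp.pdc._msdcs.$domain" srv +short); then
    echo "change_netbios: PDC SRV lookup failed; aborting before any change." >&2
    exit 1
  fi
  # Change the SPNs on the domain controller object.
  change_service_principal_name
  # Crossref objects are domain specific, so only the server named in the
  # PDC SRV record changes them.
  if printf '%s\n' "$pdc_records" | grep -i -q -F -- "$hostname"; then
    # Change the nETBIOSName attribute in the crossref object.
    if ! change_crossref_attr; then
      echo "change_netbios: crossref attribute update failed; config files left unchanged." >&2
      exit 1
    fi
    # Rename the crossref object itself.
    if ! rename_crossref; then
      echo "change_netbios: crossref rename failed; config files left unchanged." >&2
      exit 1
    fi
  fi
  # Change smb.conf and xad.ini.
  change_file
}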
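#######################################
# Remind the operator to repeat the change on the other domain controllers.
# Counts the lines dig prints for the domain name; more than one line is
# taken to mean that the domain has several domain controllers.
# Globals:   domain (read); dc_count (written)
# Outputs:   a bold "Important:" notice on stdout when the count exceeds 1
# Returns:   0
#######################################
warn_if_adc() {
  # Without a domain name there is nothing meaningful to look up.
  if [ -z "$domain" ]; then
    return 0
  fi
  dc_count=$(dig "$domain" +short +time=10 | wc -l)
  if [ "$dc_count" -gt 1 ]; then
    printf '\033[1m\nImportant: \033[0m'
    echo "This domain has more than one domain controller."
    printf 'Make sure to run this script in other domain controllers as well\n\n'
  fi
}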
# Banner in bold, then reset the terminal attributes.
printf '\033[1m\nThis utility will change the current netbios to a newname\n'
printf '\033[0m\n'
# The LDAP tools authenticate with the caller's Kerberos ticket.
printf '%s\n' \
  "This utility uses GSSAPI method for ldap operation." \
  "Make sure a valid ticket is available before proceeding"
# Show the current name, ask for the new one, then apply the change.
print_netbios
read_netbios
change_netbios
# Reload the services, then remind about other domain controllers.
printf '\nRestarting the services\n\n'
xadcntrl reload
warn_if_adc