From: John Drescher on
> Sorry to bother you. I hope you can help me with my issue.
>
Always cc to the list as well.

> We have a domain with more than 100 users and we need to replace our PDC.
> The PDC main function is to authenticate our users to connect to the shared
> drive and to authenticate computer login. The PDC is running samba with
> openldap on Gentoo machine. I have two BDCs with ACL set to read and write
> only. It was set that way to make the syncing process easier. The syncing
> process is like a chain using slurpd. We plan to use "syncrepl" later.
>
> What is the best way to replace the PDC? I already have a Gentoo
> machine up and running. I copied over all the samba and openldap files from
> the old PDC to this new machine. I also exported the database by running
> the "slapcat -l" command. I am hesitant to start the slapd, slurpd and
> samba service as I am not so sure if I am doing the right thing.
>
Disconnect the network cable on the new machine to make sure you are
not interfering with the rest of the network.
Start slapd then use slapadd to add your ldap to the database. Use
slapcat to verify that all was added and the ldif looks correct. Then
start samba and see if the smbclient can connect to itself.

Is the old machine the same name as the new? How about the IP address?
Are you using wins, lmhosts or dns for your clients to find the pdc?

BTW, I have to cut this a lot shorter than I want but I am very busy
at the day job and if I do not get my tasks done several new users
will not have a pc on Monday.

John
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
From: Ivan Ordonez on


John Drescher wrote:
>> Sorry to bother you. I hope you can help me with my issue.
>>
>>
> Always cc to the list as well.
>
>
>> We have a domain with more than 100 users and we need to replace our PDC.
>> The PDC main function is to authenticate our users to connect to the shared
>> drive and to authenticate computer login. The PDC is running samba with
>> openldap on Gentoo machine. I have two BDCs with ACL set to read and write
>> only. It was set that way to make the syncing process easier. The syncing
>> process is like a chain using slurpd. We plan to use "syncrepl" later.
>>
>> What is the best way to replace the PDC? I already have a Gentoo
>> machine up and running. I copied over all the samba and openldap files from
>> the old PDC to this new machine. I also exported the database by running
>> the "slapcat -l" command. I am hesitant to start the slapd, slurpd and
>> samba service as I am not so sure if I am doing the right thing.
>>
>>
> Disconnect the network cable on the new machine to make sure you are
> not interfering with the rest of the network.
> Start slapd then use slapadd to add your ldap to the database. Use
> slapcat to verify that all was added and the ldif looks correct. Then
> start samba and see if the smbclient can connect to itself.
>
> Is the old machine the same name as the new? How about the IP address?
> Are you using wins, lmhosts or dns for your clients to find the pdc?
>
I will try your suggestion. We plan on using the same name on the new
machine and the same IP address as well.
We are using WINS for our client to find the PDC.

Thanks for all the help.
> BTW, I have to cut this a lot shorter than I want but I am very busy
> at the day job and if I do not get my tasks done several new users
> will not have a pc on Monday.
>
> John
>
>
From: Robert on
On Wednesday 18 June 2008, John Drescher wrote:
> > We have a domain with more than 100 users and we need to replace our PDC.
> > The PDC main function is to authenticate our users to connect to the
> > shared drive and to authenticate computer login. The PDC is running
> > samba with openldap on Gentoo machine. I have two BDCs with ACL set to
> > read and write only. It was set that way to make the syncing process
> > easier. The syncing process is like a chain using slurpd. We plan to
> > use "syncrepl" later.
> >
> > What is the best way to replace the PDC? I already have a Gentoo
> > machine up and running. I copied over all the samba and openldap files
> > from the old PDC to this new machine. I also exported the database by
> > running the "slapcat -l" command. I am hesitant to start the slapd,
> > slurpd and samba service as I am not so sure if I am doing the right
> > thing.
>
> Disconnect the network cable on the new machine to make sure you are
> not interfering with the rest of the network.
> Start slapd then use slapadd to add your ldap to the database. Use
> slapcat to verify that all was added and the ldif looks correct. Then
> start samba and see if the smbclient can connect to itself.
>
> Is the old machine the same name as the new? How about the IP address?
> Are you using wins, lmhosts or dns for your clients to find the pdc?
>
> BTW, I have to cut this a lot shorter than I want but I am very busy
> at the day job and if I do not get my tasks done several new users
> will not have a pc on Monday.
>
> John

I'll add my two cents. I recently did this, except we aren't using ldap.
Didn't see the advantage. It was a new box with a different IP address. Long
story short: All but 2 XP SP2 refused to join the new domain. Told me Logon
failure: unknown user name or bad password. The Win2K and XP SP1 machines did
not have a problem, and the log files show root authenticated successfully,
so it looks like XP SP2 is the problem, but I have no idea why 2 joined when
all the rest didn't.

Still haven't found the reason or fix and most machines are workgroup members
now...Good luck, hopefully you won't need it.

--
Fail to learn history-repeat it.
Fail to learn rights-lose them.
Learn both-get screwed by previous two groups.
From: Scott Lovenberg on
Robert wrote:
> On Wednesday 18 June 2008, John Drescher wrote:
>
>>> We have a domain with more than 100 users and we need to replace our PDC.
>>> The PDC main function is to authenticate our users to connect to the
>>> shared drive and to authenticate computer login. The PDC is running
>>> samba with openldap on Gentoo machine. I have two BDCs with ACL set to
>>> read and write only. It was set that way to make the syncing process
>>> easier. The syncing process is like a chain using slurpd. We plan to
>>> use "syncrepl" later.
>>>
>>> What is the best way to replace the PDC? I already have a Gentoo
>>> machine up and running. I copied over all the samba and openldap files
>>> from the old PDC to this new machine. I also exported the database by
>>> running the "slapcat -l" command. I am hesitant to start the slapd,
>>> slurpd and samba service as I am not so sure if I am doing the right
>>> thing.
>>>
>> Disconnect the network cable on the new machine to make sure you are
>> not interfering with the rest of the network.
>> Start slapd then use slapadd to add your ldap to the database. Use
>> slapcat to verify that all was added and the ldif looks correct. Then
>> start samba and see if the smbclient can connect to itself.
>>
>> Is the old machine the same name as the new? How about the IP address?
>> Are you using wins, lmhosts or dns for your clients to find the pdc?
>>
>> BTW, I have to cut this a lot shorter than I want but I am very busy
>> at the day job and if I do not get my tasks done several new users
>> will not have a pc on Monday.
>>
>> John
>>
>
> I'll add my two cents. I recently did this, except we aren't using ldap.
> Didn't see the advantage. It was a new box with a different IP address. Long
> story short: All but 2 XP SP2 refused to join the new domain. Told me Logon
> failure: unknown user name or bad password. The Win2K and XP SP1 machines did
> not have a problem, and the log files show root authenticated successfully,
> so it looks like XP SP2 is the problem, but I have no idea why 2 joined when
> all the rest didn't.
>
> Still haven't found the reason or fix and most machines are workgroup members
> now...Good luck, hopefully you won't need it.
>
>
Something to this effect happened to me once about two years ago. I
think the punch line was that I broke the SID when I changed the IP or
hostname, IIRC. All XP Pro SP2 clients. I think I ended up blowing
away the machine accounts and rejoining the clients to the domain (I
only had about a dozen, so it was just me kicking myself as I recalled
the thought, "this might not be wise" echoing through my mind's ear as I
rebooted the server after changing the configuration, instead of having
to join hundreds of clients back again). Have you verified that this
hasn't happened to you?
From: Bruno La Torre on


Ivan Ordonez wrote:
>
>
> John Drescher wrote:
>>> Sorry to bother you. I hope you can help me with my issue.
>>>
>>>
>> Always cc to the list as well.
>>
>>
>>> We have a domain with more than 100 users and we need to replace our
>>> PDC.
>>> The PDC main function is to authenticate our users to connect to the
>>> shared
>>> drive and to authenticate computer login. The PDC is running samba
>>> with
>>> openldap on Gentoo machine. I have two BDCs with ACL set to read
>>> and write
>>> only. It was set that way to make the syncing process easier. The
>>> syncing
>>> process is like a chain using slurpd. We plan to use "syncrepl" later.
>>>
>>> What is the best way to replace the PDC? I already have a Gentoo
>>> machine up and running. I copied over all the samba and openldap
>>> files from
>>> the old PDC to this new machine. I also exported the database by
>>> running
>>> the "slapcat -l" command. I am hesitant to start the slapd, slurpd and
>>> samba service as I am not so sure if I am doing the right thing.
>>>
>>>
>> Disconnect the network cable on the new machine to make sure you are
>> not interfering with the rest of the network.
>> Start slapd then use slapadd to add your ldap to the database. Use
>> slapcat to verify that all was added and the ldif looks correct. Then
>> start samba and see if the smbclient can connect to itself.
>>
>> Is the old machine the same name as the new? How about the IP address?
>> Are you using wins, lmhosts or dns for your clients to find the pdc?
>>
> I will try your suggestion. We plan on using the same name on the new
> machine and the same IP address as well. We are using WINS for our
> client to find the PDC.
>
>
you must set on the new PDC the SID of the old PDC
see "net getlocalsid" and "net setlocalsid"

bruno
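
A check that ties together the slapcat verification and the SID advice in this thread, as an added example that is not from any of the posters: it takes the `net getlocalsid` output saved from the old PDC and lists every `sambaSID` in the exported LDIF that does not sit under that domain SID. The SID values, DNs and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline check that the accounts in a slapcat export
# belong to the domain SID recorded on the old PDC.

# Pull the SID out of saved "net getlocalsid" output, which has the form
# "SID for domain NAME is: S-1-5-21-...".
sid_from_net_output() {
    printf '%s\n' "$1" | sed -n 's/^SID for .* is: *\(S-[0-9-]*\)$/\1/p'
}

# Read LDIF on stdin and print "SID<TAB>DN" for every sambaSID that is
# neither the domain SID itself nor a RID under it. Built-in aliases
# (S-1-5-32-*) appear in group mappings on any domain and are skipped.
foreign_sids() {
    awk -v dom="$1" '
        /^dn: /       { dn = substr($0, 5) }
        /^sambaSID: / {
            sid = $2
            if (sid == dom || index(sid, dom "-") == 1) next
            if (sid ~ /^S-1-5-32-/) next
            print sid "\t" dn
        }'
}

# Constructed sample data, not taken from the thread.
OLD_SID_OUTPUT='SID for domain OLDPDC is: S-1-5-21-1111111111-2222222222-3333333333'
sample_ldif() {
    cat <<'EOF'
dn: sambaDomainName=EXAMPLE,dc=example,dc=org
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: uid=alice,ou=People,dc=example,dc=org
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000

dn: uid=ws042$,ou=Computers,dc=example,dc=org
sambaSID: S-1-5-21-9999999999-8888888888-7777777777-3010

dn: cn=Administrators,ou=Groups,dc=example,dc=org
sambaSID: S-1-5-32-544
EOF
}

# Demo run: only the ws042$ machine account is reported.
old_sid=$(sid_from_net_output "$OLD_SID_OUTPUT")
sample_ldif | foreign_sids "$old_sid"
```

On the isolated new machine, `slapcat | foreign_sids "$old_sid"` printing nothing means every account SID in the directory sits under the old domain SID, which is the value `net getlocalsid` should also report there.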