[Samba] Win2K Machine Accounts No Longer Valid after Samba PDC
Upgrade (2.2.2 to 2.2.8a)
Geoff Stitt
grstitt at somanetworks.com
Wed Jun 18 15:33:44 GMT 2003
My apolgies in posting this again. However I was hoping someone
had a suggestion...
Symptom: After upgrading our Primary Domain Controller
from Samba 2.2.2 to Samba 2.2.8a, users attempting
to login from Windows 2000 clients are no longer
able to do so.
Details: After some research it was discovered that if a Windows
2000 client re-joins the domain served by the upgraded
version of Samba, users are then able to, once again,
log into this domain.
It was also discovered that if the Samba PDC was downgraded
to its original version of 2.2.2, any windows 2000 client
that re-joined the domain while the Samba PDC was at
version 2.2.8a, was still able to log into the domain.
As additional information, both versions of the Samba
PDC were compiled on SPARC architecture running Solaris 8.0
As the above comments suggest, machine accounts are backward-compatible,
but *not* forward-compatible between Samba versions 2.2.2 and 2.2.8a.
After researching the Samba mailing lists and newsgroups it is more
or less understood that in order to deal with problems of this nature
each windows 2000 machine account needs to be recreated. Which is
a very time-consuming effort.
Is there a better way to deal with this upgrade path?
Ideally where I don't have to visit each windows 2000 machine in order
to re-create their machine accounts? A migration utility or set of
server-side steps perhaps?
...geoff
More information about the samba
mailing list