Moving from NT PDC to Samba PDC

Matthew Geddes mgeddes at
Tue Dec 21 22:13:53 GMT 1999

Paolo Supino wrote:

>   Hi


>    I have a mixed network of Linux machines (RH 5.1) and NT WS (4-SP5)
> machines. All my servers are Linux based (2 servers). There is a 3rd
> server that acts as PDC (and it's his sole purpose in life) and
> authenticates every SMB connection (be it to a Samba share or a NT share).
> I want to move the PDC role from this NT (and move the computer to another
> role) to one of the linux based servers. I have the following questions:
> 1. Do I have to upgrade all the samba servers to 2.x version of Samba or
> can I get away with only upgrading the server that will act as PDC (samba
> on RH 5.1 was 1.9.18p10). What advantages/disadvantages will I encounter
> in either case?

Pre-Samba 2 didn't cope very well with Domain Controlling (officially, I
found it OK for my purposes). So I'd probably go with Samba 2.x on your PDC
(I've found version 2.0.5a quite good, although I'm sure some will disagree -
anyway, go with at least 2.0.5a). Your Other Samba box should still work OK
(I must admit, I haven't done a great deal of testing, but it worked for me).

> 2. What kind of pitfalls will I encounter when transitioning the role?

You won't be able to use User Damager for Domains and the other RPC stuff.
This can be worked around by using SWAT (Samba Web Administration Tool -
comes with 2.x) or something like webmin (, which is a
set of perl scripts that allow you to configure your Unix machine through an
HTTP interface. Apart from that, you shouldn't have too many problems. The NT
box should become a member of the Samba Domain quite easily (RTFM) you may
have a few problems with Browse lists, NT doesn't like not being the Master
Browser, but if you set all the options right in the config file, there isn't
much that can go wrong.

> 3. Can I leave the current domain name and general settings (which people
> got accustomed to) or should I bring up a new domain and move everyone to
> the new domain (and try to retain as much as possible of the old domain)?

You can bring up Samba in the old Domain. Make sure that the NT PDC isn't
running as a PDC at the time though (switching off the netlogon and browser
service should be enough). You can even keep your old accounts and passwords
by using pwdump.exe. It grabs the encrypted passwords from the SAM database
and saves them in a file the same format as smbpasswd. I am looking at having
our PDC become a Linux box and the testing I have done so far looks

You will need to re-install NT in order to make it join another Domain
(instead of controlling it). Hopefully they will fix this soon (actually, I'm
not really bothered, because you need to do the same to put Linux on the
machine ;-)).

I hope this was of some help, there will be things that people will disagree
with, but you'll probably test this stuff out a bit first anyway.....
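
A pre-cutover sanity check for the pwdump step described in the reply above, as an added example that is not part of the original post. It assumes the Samba 2.x smbpasswd layout (`name:uid:LM hash:NT hash:...`) with the second field expected to hold the Unix uid, and that a dump taken on NT may carry NT's own account number there instead; the function names and sample lines are constructed for illustration.

```python
import re

HEX32 = re.compile(r"[0-9A-Fa-f]{32}")

def is_hash_field(h):
    # Assumption: 32 hex digits, 32 X's (disabled), or a 32-char "NO PASSWORD..." marker.
    return bool(HEX32.fullmatch(h)) or h == "X" * 32 or (
        len(h) == 32 and h.startswith("NO PASSWORD"))

def parse_unix_uids(passwd_text):
    """Map account name -> uid from /etc/passwd-style text."""
    uids = {}
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 3 and parts[2].isdigit():
            uids[parts[0]] = int(parts[2])
    return uids

def check_smbpasswd(smb_text, unix_uids):
    """Return (line_no, name, problem) tuples for entries to fix before go-live."""
    problems = []
    for no, line in enumerate(smb_text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) < 4:
            problems.append((no, f[0], "fewer than 4 fields"))
            continue
        name, uid, lm, nt = f[:4]
        if name not in unix_uids:
            problems.append((no, name, "no matching Unix account"))
        elif uid != str(unix_uids[name]):
            problems.append((no, name, "uid field %s != Unix uid %d" % (uid, unix_uids[name])))
        for label, h in (("LM", lm), ("NT", nt)):
            if not is_hash_field(h):
                problems.append((no, name, label + " hash field malformed"))
    return problems

# Constructed sample data: fake accounts and placeholder hash values.
SAMPLE_PASSWD = "alice:x:501:100::/home/alice:/bin/bash\nbob:x:502:100::/home/bob:/bin/bash\n"
SAMPLE_DUMP = "\n".join([
    "alice:501:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:::",
    "bob:1004:0123456789ABCDEF0123456789ABCDEF:FEDCBA98:::",
    "carol:1005:NO PASSWORD" + "*" * 21 + ":0123456789ABCDEF0123456789ABCDEF:::",
])

if __name__ == "__main__":
    for no, name, problem in check_smbpasswd(SAMPLE_DUMP, parse_unix_uids(SAMPLE_PASSWD)):
        print("line %d (%s): %s" % (no, name, problem))
```

Run it against a copy of the converted file, and keep that file readable by root only, since the hashes in it are password equivalents for SMB authentication.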

