MS Exchange
James Willard
james at whispering.org
Thu Sep 16 20:40:44 GMT 1999
We have a large network of NT servers, Exchange servers, and a few Samba
boxes. Occasionally for various reasons, we will promote a BDC to a PDC
role, thus making the PDC step down as a BDC. Exchange does not have a
problem with this.
Now, if you're simply creating another domain, naming it the same thing, and
bringing up Samba, that's obviouisly where your problems lie. Unfortunately,
Samba can't be a BDC where you can then promote it, and remove the NT box
that used to be the PDC. That would be the way to do it, since there is a
lot of security information and SIDs that aren't recreated when you create a
new domain.
James Willard, CCNA
james at whispering.org
>
> On Thu, Sep 16, 1999 at 01:22:27AM +1000, Paul L. Lussier wrote:
> >
> > >> If after, then did you make sure that it only knows about the Samba
> > >> PDC and not the old domain controller?
> > >
> > > The old domain controller was, of course, shut down during the testing (in
> > >night hours, some backups failed but who cares about them :-) ).
> >
> > Right, but the Exchange server wasn't, which means it's trying to authenticate
> > against the old PDC, which has a different SID than the Samba one.
>
> If Exchange was keeping track of the PDC's SID, that would mean that
> you can't even switch from one NT PDC to another.
> I can't really believe that.
> (But then again, it is Microsoft...
> Has anybody got a few spare NT Servers to test? :-)
>
> Cheers,
>
> Florian
>
--
James D. Willard, CCNA | Linux/FreeBSD/OpenBSD/Novell/Win/DOS/Minix User
james at whispering.org | finger james at whispering.org for PGP Public Key
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
.,-=-,.,-=-,.,-=-,.,-=-,.,-=-,.,-=-,.,-=-,.,-=-,.,-=-,.,-=-,.,-=-,.,-=-,.,-=-,
More information about the samba-ntdom
mailing list