Moving a domain
Richard Sharpe
rsharpe at richardsharpe.com
Sun Feb 2 18:36:10 GMT 2003
On Sun, 2 Feb 2003, Tom Alsberg wrote:
> Now this is a little mess when moving to a different server. I
> decided to try out the common way, and gave a CNAME alias cifserver to
> the new machine, and running nmbd on it with the -n flag (-n
> CIFSERVER) to use that NetBIOS name as well (the domain name is now
> CS-HUJI).

When smbd starts (and this includes at least 2.2.3, I believe, and beyond
to 3.0.x), it checks to see if there is a SID in the secrets file with the
key SECRET/SID/<UCNBNAME> where UCNBNAME is the uppercase NetBIOS name.
If one does not exist, it will create a new random SID, set the machine
SID to that, and then set the domain SID to that! If the SID changes, even
if you have preserved the trust accounts and their current passwords,
Windows will complain that the SID is inconsistent with what it had when
it joined.

The SID for the old machine name is still in the secrets file, and you can
use tdbdump to find the keys, and thus the old machine name if you need
to.

This is relevant to your questions below.

> The question is - if any of you had experience, or theoretical facts
> and ideas of - would this work? For users who only use it as a file
> and print server, it most probably would. But as a domain controller
> - the clients remember a few things, and the server remembers a few
> things.
>
> The SID and secrets files should probably be copied... But then,
> should clients who are already in the domain be able to continue using
> it, without leaving and re-joining it?

You probably only really need the secrets file and the smbpasswd or
whatever passwd database you are using for Windows accounts.

If the NetBIOS name changes, you have a couple of choices, as outlined at
www.richardsharpe.com. As soon as Samba 2.2.8 ships you will retrieve the
old SID and re-establish that as the machine SID for your Samba server and
the domain SID. You can already do that with the net command for Samba
3.0.x.

HTH.

Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com
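
The lookup described in the message above, as an added example that is not part of the original post or of Samba: it reads tdbdump output from the secrets file, finds the per-name SID keys, and decodes each stored SID so the old machine's SID can be compared with the newly generated one. Assumptions: tdbdump writes non-printable bytes as \XX hex, the record is the 68-byte binary SID with little-endian sub-authorities (x86 host), the key prefix is matched both as written in the message and as SECRETS/SID/, and the sample dump and the name NEWBOX are constructed.

```python
import re
import struct

# Constructed sample of tdbdump output; NEWBOX is a hypothetical new NetBIOS name.
HEAD = r"\01\04\00\00\00\00\00\05\15\00\00\00"  # rev 1, 4 sub-auths, authority 5, 21
PAD = r"\00" * 44                               # 11 unused sub-authority slots
SAMPLE_DUMP = "\n".join([
    "{",
    'key(21) = "SECRETS/SID/CIFSERVER"',
    'data(68) = "' + HEAD + r"A\00\00\00\01\02\00\00\03\00\00\00" + PAD + '"',
    "}",
    "{",
    'key(18) = "SECRETS/SID/NEWBOX"',
    'data(68) = "' + HEAD + r"\07\00\00\00\08\00\00\00\09\00\00\00" + PAD + '"',
    "}",
])

# Accepts both "key = ..." and "key(N) = ..." record headers.
RECORD = re.compile(
    r'key(?:\(\d+\))? = "SECRETS?/SID/([^"]+)"\s+data(?:\(\d+\))? = "(.*)"')


def unescape(text):
    # Undo tdbdump escaping: every backslash is followed by two hex digits.
    return re.sub(rb"\\([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), text.encode("latin-1"))


def decode_sid(raw):
    # Layout: revision (1 byte), sub-authority count (1 byte),
    # identifier authority (6 bytes, big-endian), then 32-bit sub-authorities.
    if len(raw) < 8 or raw[1] > 15 or len(raw) < 8 + 4 * raw[1]:
        raise ValueError("not a SID record")
    authority = int.from_bytes(raw[2:8], "big")
    # Assumption: sub-authorities were written in little-endian host order.
    subs = struct.unpack_from("<%dI" % raw[1], raw, 8)
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])


def sids_in_dump(dump_text):
    # Map each NetBIOS name that has a stored SID to that SID in string form.
    return {name: decode_sid(unescape(data))
            for name, data in RECORD.findall(dump_text)}


if __name__ == "__main__":
    for name, sid in sids_in_dump(SAMPLE_DUMP).items():
        print(name, sid)
```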