[Samba] PDC Swap

Randy Parker randyp at sardis.dfab.sc.ti.com
Thu Apr 24 11:08:54 GMT 2003


I tried the following this morning.

	willie2# /etc/init.d/smb stop
	willie2# smbpasswd -r willie1 -S

	willie1# /etc/init.d/smb stop

	willie2# /etc/init.d/smb start

I could log in on my clients at this point. The
domain had been successfully transferred from
willie1 to willie2. Now I rename willie2 to
willie1 so I can keep my scripts and policies.

	willie2# /etc/init.d/smb stop
	willie2 is now renamed to willie1 with
          /usr/sbin/sys-unconfig (Solaris 9)
	willie1# /etc/init.d/smb start

I cannot log in on my clients now. They do not
recognize willie1 as the valid PDC. I cannot
boot the original willie1 and transfer the SID
again because the two machines will get into an
IP address fight.

It appears the machine name change breaks the SIDs. 
Is my only recourse a transfer via a third machine 
as described in the original post?

Regards,
Randy

---begin quoted text---
> Delivered-To: randyp at sardis.dfab.sc.ti.com
> Date: Wed, 23 Apr 2003 22:26:54 -0500 (CDT)
> From: "Gerald (Jerry) Carter" <jerry at samba.org>
> X-X-Sender: jerry at queso.plainjoe.org
> To: Randy Parker <randyp at sardis.dfab.sc.ti.com>
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] PDC Swap
> 
> On Wed, 23 Apr 2003, Randy Parker wrote:
> 
> > It appears the name change from willie2 to willie1 broke
> > the SIDs. No users can log in to my clients. Those who
> > can log in (via a client login data cache of some sort)
> > do not get policy transfers or their Z: home directory.
> > The domain is definitely broken.
> 
> I just looked and this code is a little confusing.
> Try this.  
> 
>   Start smbd (generates the local machine SID).
>   Stop smbd
>   Run smbpasswd -r willie1 -S to set the domain SID
>   Start smbd (this should copy the domain SID to the local machine SID)
> 
> If you migrate the domain SID onto a fresh secrets.tdb, smbd will 
> overwrite the domain SID when it generates its local machine SID.
> 
> 
> 
> cheers, jerry
---end quoted text---

