[Samba] Re: Transfering Machine Accounts / MACHINE.SID

Andrew Bartlett abartlet at samba.org
Thu Dec 25 21:02:34 GMT 2003


On Sat, 2003-12-20 at 05:53, Kevin Fries wrote:
> Kevin Fries wrote:
> 
> > I have a Samba 2.2.7 PDC, and I am now trying to set up a new 3.0.1
> > server. I want this machine to act as a BDC initially and replicate all
> > the
> > accounts over.  

Unfoutunetly, this is not a supported configuration, for live clients. 
If, while the 'BDC' is operational, a machine changes it's machine
account password, then it is possible for it to be changed on the BDC,
but not the PDC.  

> > When I followed the howto it said to use smbpasswd -S to
> > transfer the machine SID and then to replicate the smbpasswd file to the
> > new server.  This has caused two major problems:
> > 
> >   1) the smbpasswd command does not support the -S option

In 3.0? That is because that option moved to 'net' as 'net getlocalsid'
and 'net setlocalsid' (I think, read the BDC doco in the HOWTO).

> >   2) My user accounts transfered to the new machine, but not the machine
> >      trust accounts.
> 
> OK, found this one.  I forgot to move the posix accounts over to the new
> machines and Samba silently ignored the accounts.  pdbedit on the other
> hand screamed bloody murder.  Added PosixAccount to my machine entries in
> the new LDAP server, and Samba 3 found them thanks to nss_ldap.
> 
> However, I still do not have a MACHINE.SID file because the smbpasswd
> command does not work as advertised.  Is it OK to just copy that file from
> the old machine?

If you don't have a secrets.tdb, then we will read that file on startup.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031226/d98f4e73/attachment.bin


More information about the samba mailing list