[Samba] Re: Transfering Machine Accounts / MACHINE.SID

Andrew Bartlett abartlet at samba.org
Thu Dec 25 21:02:34 GMT 2003

On Sat, 2003-12-20 at 05:53, Kevin Fries wrote:
> Kevin Fries wrote:
> > I have a Samba 2.2.7 PDC, and I am now trying to set up a new 3.0.1
> > server. I want this machine to act as a BDC initially and replicate all
> > the
> > accounts over.  

Unfoutunetly, this is not a supported configuration, for live clients. 
If, while the 'BDC' is operational, a machine changes it's machine
account password, then it is possible for it to be changed on the BDC,
but not the PDC.  

> > When I followed the howto it said to use smbpasswd -S to
> > transfer the machine SID and then to replicate the smbpasswd file to the
> > new server.  This has caused two major problems:
> > 
> >   1) the smbpasswd command does not support the -S option

In 3.0? That is because that option moved to 'net' as 'net getlocalsid'
and 'net setlocalsid' (I think, read the BDC doco in the HOWTO).

> >   2) My user accounts transfered to the new machine, but not the machine
> >      trust accounts.
> OK, found this one.  I forgot to move the posix accounts over to the new
> machines and Samba silently ignored the accounts.  pdbedit on the other
> hand screamed bloody murder.  Added PosixAccount to my machine entries in
> the new LDAP server, and Samba 3 found them thanks to nss_ldap.
> However, I still do not have a MACHINE.SID file because the smbpasswd
> command does not work as advertised.  Is it OK to just copy that file from
> the old machine?

If you don't have a secrets.tdb, then we will read that file on startup.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031226/d98f4e73/attachment.bin

More information about the samba mailing list