[Samba] Need help taking over my Windoze Domain
SPHELPS at ridgways.com
Tue Jul 15 22:29:40 GMT 2003
My goal here is to 'fdisk' my Windoze PDC, and I think I just need a little more help....
OK, I've susccessfully set up Samba 2.2.8a and OpenLDAP 2.0.27. I was able to join a XP,NT, and 2000 box to a new "test" domain, and log into it.
Now I want to shut down my WindowsPDC, change my NetBios and workgroup name on my Samba server, and have it take over without anybody knowing it.
I tried this last night, but it didn't work as planned. I know I need to run 'smbpasswd -S' to get the Domain SID from the WinPDC. But what else do I need to do... (see Question 3)
Question 1) Are the smbldap-tools (smbldap-migrate-accounts.pl) capable of importing machine$ SIDs proprely. Also, why do I have to run smbpasswd <username> even though I have an entry in objectClass=SambaAccount? Is it a correct conclusion that secrets.tb is needed although you are using LDAP? I can't fit those pieces together in my brain.. For some reason I have not had good results from these tools. I always have to create users/machines manually from an self-created LDIF file for Samba to play nice with it LDAP.
Question 2) Is Samba 3 stable enough to run in a critical production environment. In reading the posts here I seems that it is more suited to run as a PDC w/LDAP with alot more features. What are the real-world advantages/problems you have discovered by upgrading. Opinions welcome!
Question 3) What is the proper way to "take over" a Windows Domain with Samba?
Again, thanks for the input and help!
-- Scott Phelps
More information about the samba