[Samba] Re: Replacing Samba PDC with new hardware

Martin Thomas mthomas at rhrk.uni-kl.de
Sat Jun 21 04:53:23 GMT 2003

>From: "Alex" <sysadm at omniarch-ny.com>
>Subject: [Samba] Replacing Samba PDC with new hardware
>To: "SambaList" <samba at lists.samba.org>
>I'm currently running a Samba PDC (2.2.3a) on RedHat 7.3 supporting 10 or so
>win2k users with roaming profiles.  Just got a new Dell box and would like
>to replace the current PDC machine.  My question is this:
>What is the best way to make the switch without making the current user
>accounts obsolete?  I've duplicated most of the environment already, my
>user accounts have already been added to /etc/passwd, /etc/group.  I set up
>smb.conf, the homes and netlogon share. I copied the logon.bat file I've
>been using from the old box, and added all my users and machine accounts to
>the smbpasswd file as usual.  Now as far as the SID I'm a little fuzzy.  I
>would ideally like the replacement server to have the same netbios name
>(SERVER) as the de-commissioned machine.  For the moment I've given the new
>box the name (NEW_SERVER) so that I can copy files over.  I ran smbpasswd -S
>(domain) to suck the SID to the new server already.  Now when I shut down
>the old box for good, and change the netbios name will the SID for the
>domain be re-written making my user accounts useless/unable to log on?  Is
>there any way to avoid this?  Also is there a "better" way to move the users'
>home directories to new box? I was planning on tar-ing up the /home dir and
>just expanding it on the new machine?  Does anyone know if I have all the
>users logged in, swap out the servers, and log the users out will that send
>the profile back to the home directory on the new server?

Try to replace the secrets.tdb on the new PDC with the one from the old
PDC. I had some trouble too, the domain SID can be extracted from
the old machine's secrets.tdb and set on the new one with smbpasswd, but it
seems that the server SID is important too. The output of
smbpasswd -X <servername> and smbpasswd -X <domainname> was
different on my new installation and identical on the old PDC. I did not find a
way to set the server SID using smbpasswd. After overwriting
the secrets.tdb on the new server with the one from the old PDC the client
login worked without rejoining. Make sure that the passwords in the smbpasswd file
for users and machines are the same as on the old server. If you keep the same uids
for machines and users on the new server as they were on the old one, just copy
smbpasswd or edit the uids in the copied smbpasswd file to match those in
/etc/passwd on your new PDC. If you have a file MACHINE.SID, copy this
file too (some older versions of Samba used this file but it's now obsolete,
the data is now in secrets.tdb).
Hope this helps
Martin Thomas
University of Kaiserslautern, Institute of Environmental Engineering,
Kaiserslautern (ZIP 67663), Germany
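
The uid check described in the reply above, as an added example that is not part of the original message: it compares the uid field of a copied smbpasswd file against a passwd file and reports accounts that would not line up on the new PDC. The function names are hypothetical, the sample files are constructed, and it assumes the Samba 2.2 smbpasswd layout `name:uid:LANMAN hash:NT hash:[flags]:LCT-time:`.

```shell
#!/bin/sh
# Added example: compare uids in a copied smbpasswd file against passwd.
# Assumed smbpasswd line layout: name:uid:LANMAN hash:NT hash:[flags]:LCT-time:

# check_smbpasswd_uids SMBPASSWD PASSWD
# Reports accounts whose smbpasswd uid differs from, or is absent in, PASSWD.
# Returns 0 if every account matches, 1 otherwise.
check_smbpasswd_uids() {
    awk -F: '
        NR == FNR { if ($0 !~ /^#/ && NF >= 3) uid[$1] = $3; next }  # passwd file
        /^#/ || NF < 4 { next }                                       # skip comments and short lines
        !($1 in uid)  { printf "MISSING %s smbpasswd=%s\n", $1, $2; bad = 1; next }
        uid[$1] != $2 { printf "MISMATCH %s smbpasswd=%s passwd=%s\n", $1, $2, uid[$1]; bad = 1 }
        END { exit bad + 0 }
    ' "$2" "$1"
}

# write_sample DIR: constructed sample files (hash fields are placeholders).
write_sample() {
    h=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    cat > "$1/passwd" <<'EOF'
alice:x:1001:100::/home/alice:/bin/bash
bob:x:1005:100::/home/bob:/bin/bash
ws01$:x:2001:200:machine:/dev/null:/bin/false
EOF
    cat > "$1/smbpasswd" <<EOF
alice:1001:$h:$h:[U          ]:LCT-00000000:
bob:1002:$h:$h:[U          ]:LCT-00000000:
ws01\$:2001:$h:$h:[W          ]:LCT-00000000:
ws02\$:2002:$h:$h:[W          ]:LCT-00000000:
EOF
}

# Demo run on the constructed files: bob's uid differs, ws02$ has no passwd entry.
d=$(mktemp -d)
write_sample "$d"
check_smbpasswd_uids "$d/smbpasswd" "$d/passwd" || echo "fix the uids above before going live"
rm -rf "$d"
```

On a real migration the two arguments would be the copied smbpasswd file and the new server's /etc/passwd; machine accounts (names ending in `$`) are checked the same way as users.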
