[Samba] Transparently replacing a 2.2.7 PDC with 3.0

[Etienne Goyer]

Hi,

I sent this post yesterday morning for a first time, but apparently 
Gmane ate it as it never showed up.  I am reposting.  All my apologies 
if you receive this port in duplicate.

I tried to replace a Samba 2.2.7 PDC to a 3.0 transparently, and it did 
not work.  For my explanation, we will call the Samba 2.2.7 PDC samba2, 
the new Samba 3 server samba3 and the domain DOMAIN.

First, I migrate (by hand) all the users from samba2 to samba3; I copied 
smbpasswd, then cut-n-pasted the users and workstations account in 
/etc/passwd with vipw.  Tested it, it seem to work well.  At this point, 
samba3 is PDC for a temporary domain I called TEST.

Then I retrieved the SID of DOMAIN by doing "net getlocalsid DOMAIN". 
Kept it for later.

I shutted down samba2.  I edited smb.conf on samba3 to set the same 
workgroup name, netbios name, various config and share definition. 
Restart Samba on samba3.  Set the SID to the one previously retrieved 
with "net setlocalsid <SID previously retrieved>".  Restarted samba3 again.

Win9x clients worked correctly, no problems (as expected).  NT-based 
clients complained about not finding the domain.  I guessed I screwed up 
the SID change, so I copied secrets.tdb from samba2 to samba3 and 
restart Samba on samba3.  It still did not work.

Finally, I joined the NT-based clients by hand (fortunately, there was 
not many) and it worked.

Since I have many Samba 2.2.x -> 3.0 PDC migration coming in near-term 
future, I was wondering what I did wrong and if there is a work around 
it.  Is it possible to change a Samba PDC in a totally transparent 
fashion for the clients ?  Are there any known issue doing it from Samba 
2.2.x to 3.0 ?

Thanks for your answer !