[Samba] Migrating from a WinNT 4 PDC to Samba 3 PDC Troubles

Craig White craigwhite at azapple.com
Tue Jul 13 05:47:31 GMT 2004 

On Mon, 2004-07-12 at 21:35, Nathaniel Grier wrote:
> Hi,
> 
> I've been in the process of attempting a transition from our current NT 4.0 
> PDC to Samba 3.0.4 on linux (Debian running the 2.4.18 kernel). I can get 
> the smbd/nmbd up and running just fine and configure them by hand or with 
> SWAT and the changes are saved.
> 
> I've been following the HOWTO's and get stuck at the net rpc vampire step:
> I am able to join the linux machine, call it SERVER2, successfully to the 
> domain, DOM. However, when I call 'net rpc vampire -S SERVER1 -U 
> Administrator%secret' I get the error that my current domain and that of 
> the server are incompatible:
> Your current domain SERVER2 (SID:xxxx) does not match the server's domain 
> DOM (SID:xxx).
> 
> (Sorry, I'm paraphrasing the error output as I'm at home and don't have it 
> in front of me, but it's quite straightforward and contains no more useful 
> information than that.)
> So even though it says that I've join the domain DOM, it still thinks I'm 
> in some domain with the name of the machine SERVER2. I've checked (as per 
> the error message) that the smb.conf has the
> workgroup = DOM
> security = user
> 
> Also, if I run pdbedit -Lv it reports that the current domain is SERVER2 
> rather than DOM. Running net rpc setsid DOM simply adds the SID of the 
> domain to secrets.tdb but doesn't switch its insistence of SERVER2 being 
> the domain rather than DOM. A call to net rpc testjoin says things are AOK 
> & that I'm in the domain DOM. Running net setlocalsid SERVER2 SID of DOM 
> changes the SID of the SERVER2 domain to be the same as the of DOM, but 
> just causes authentication errors when running net rpc vampire as it still 
> thinks that the domains have different names.
> 
> Any suggestions as to how to resolve this problem would be most 
> appreciated. I'm guessing a way to simply reset the name of the domain it 
> thinks its in would work, but having not worked much with 3.0, I'm not 
> sure. (I've used 2.2, but it's been a while since I've set one up and not 
> in as large a network environment.)
----
before running net rpc vampire command you need to set samba up as it
were like a BDC and join the domain.

BDC looks something like this...
security = domain
domain master = yes
preferred master = no

smbpasswd -j DOMAIN -r PDC_OF_DOMAIN -U Administrator%password
net setlocalsid SID
where SID is the SID of the existing NT4 domain but possibly the net rpc
vampire sucks that in (I don't remember)

Hope this helps

Craig

More information about the samba mailing list