[Samba] With a Samba 3 PDC, can I promote a Samba BDC to become new PDC?

Thu Jul 22 07:10:07 GMT 2004

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'd be happy to do so, it may take me a while to obfuscate the password
hashes suitably and stuff, but perhaps end of day tommorow I could have
it done, I'll post diag info on bugzilla when it's all set.

Regards

Eric

John H Terpstra wrote:
| On Wednesday 21 July 2004 23:21, Eric J Bennett wrote:
|
|>I'm trying to do the exact same thing out here, it's tricky, even after
|>reading the manual rather thoroughly, I got to the stage where we
|>vampire'd over all the account info successfully, but the vampire didn't
|>copy the password information for the machine accounts, and thus people
|>cannot log on.
|
|
| We are aware of this problem. It does not affect every site but on
those that
| it does the problem is significant. I'm sorry to say that we do not
have a
| solution at this time. It would help if you can capture the entire
process
| using ethereal as well as a level 10 debug trace of the activity and then
| post a bug report on bugzilla.samba.org. So far we have not been able to
| capture sufficient information to catch what is glitching.
|
| Andrew Bartlett may be able to comment when he sees the debug info.
|
| - John T.
|
|
|>I've posted to this list about it a couple of times before, but noone
|>has answered, I don't know if this is just an accepted bug or I'm
|>screwing something up, still trying to hack through the smbldap-useradd
|>script in the machine adding section, which is my best guess as to where
|>the actual problem is.
|>
|>Cheers
|>
|>Eric
|>
|>Jeff McWilliams wrote:
|>| I'm helping out a small office upgrade their NT 4 PDC to Samba.  It's
|>
|>a small
|>
|>| office of 6 people, so tdbsam is being used. They keep having tape
backup
|>| issues
|>| and other problems, so one of the reasons for the Samba migration is
|>
|>to allow
|>
|>| me
|>| to SSH into their box and remotely administer it from home on
|>| evenings/weekends.
|>|
|>|
|>|
|>| Currently I'm testing the move using two dummy machines, and some
|>
|>Windows 2000
|>
|>| clients running under VMWare.
|>|
|>| Following the Samba Guide, my plan was as follows:
|>|
|>| Existing Windows NT machine is called DellDC.
|>| Temporary machine is called TempDC
|>|
|>| 1.  Create a Linux based, Samba BDC named TempDC that joins the NT
|>
|>domain, then
|>
|>| following the instructions in chapters 5 and 8 of the Samba-Guide,
|>
|>vampire the
|>
|>| accounts database off of DellDC and promote TempDC to a PDC.
|>|
|>| 2.  Shutdown DellDC, and reload with Linux, configuring Samba as a BDC.
|>| Following the same approach, re-join DellDC to NT domain as a BDC, and
|>
|>using
|>
|>| net rpc vampire, vampire accounts database off of TempDC and promote
|>
|>DellDC to
|>
|>| PDC.
|>|
|>| 3.  Shutdown TempDC for good.
|>|
|>|
|>| In my simulation environment, I created a similar set of machines.
|>
|>One is NT
|>
|>| 4.0 server and the other is Debian Linux (testing, sarge) with the
|>
|>latest Samba
|>
|>| 3.0.4.  My samba configuration files are almost exactly as shown in the
|>| Samba-Guide with the exception of printer shares and the fictional
shared
|>| folders.
|>|
|>| Step 1 goes fine.  I was able to join TempDC to the domain hosted by
|>
|>NT4 on
|>
|>| DellDC, vampire the accounts off of DellDC, and promote TempDC to
|>
|>Primary DC
|>
|>| status.   After this I turned off DellDC and reloaded it with Debian
|>
|>Linux and
|>
|>| Samba.
|>|
|>| Step 2 fails.   I reload DellDC with Linux, and successfully join the
|>
|>domain.
|>
|>| Groupmaps are successfully created as directed in the guide, as
|>
|>before.  I even
|>
|>| made sure /etc/passwd and /etc/group are the same on both the Linux
|>
|>PDC and the
|>
|>| Linux BDC that I'm trying to promote.  However, 'net rpc vampire' fails.
|>|
|>| The output is:
|>| DellDC:/etc/samba# net rpc vampire -S TempDC
|>| Fetching DOMAIN database
|>| Failed to fetch domain database: NT_STATUS_UNSUCCESSFUL
|>|
|>|
|>| Is there another approach or did I configure something incorrectly?
|>
|>Given a
|>
|>| successfully running Samba 3.0 PDC using tdbsam, how can I migrate the
|>| PDC responsibilities from the existing Linux box to another?
|>|
|>| I'd imagine this scenario comes up often as people upgrade server
|>| hardware on PDCs without losing all the existing domain settings.
|>|
|>| Can anyone help me?
|>|
|>| Many thanks,
|>|
|>| Jeff McWilliams
|
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFA/2hP3xh0GTRQuR4RAu/YAJ9DUhKdvkEip+nLAurhW0kPhaVw+gCfUdv0
HntHgUm+qJnYGDOu/EINu28=
=HGG7
-----END PGP SIGNATURE-----