[Samba] Replacing a PDC

Paul Furness paul.furness at vil.ite.mee.com
Wed Aug 10 18:39:30 GMT 2005 

Hi.

I'm having a helluva time trying to replace my Samba PDC machine with 
new hardware, and I'd really appreciate some pointers about how I should 
be doing it. I'm sorry, I wrote a lot of detail in this email - trying 
to mention everything that might be relevant.

Here's the detail:

I've a perfectly functional PDC running on older hardware under RedHat 9 
and Samba 3.0.2.
When I set it up, I was creating a windows domain for the first time, so 
I had no data to migrate. It was really easy to set up once I'd read 
about all the options I needed in the smb.conf file. (I've posted the 
smb.conf files at the end.)

I now want to replace this machine with a completely new box. So I've 
got the new hardware and installed FC4 on there, including Samba version 
3.0.14. I've migrated with no problems the NIS, DNS, cups and so on and 
they are all working just fine off the new machine. The old PDC is now 
ypbound to the new machine for unix users, and it's still working just 
fine in samba.

I want to migrate the SMB from the old to the new box. I tried simply 
copying all the samba config files and /var/samba/* from the PDC to the 
same places on the new box, then stopping smb on the old box and 
starting it on the new one. This resulted in none of the windows 
machines being able to see any domain controller at all, so I nuked all 
that and started again. I uninstalled all samba from the new machine, 
then searched the hard disk and removed all the samba directories to 
ensure a completely clean start, then I installed samba from scratch.

I tried setting up the new server as a BDC, and joining the domain 
(using 'net join'). I copied and edited the smb.conf file from the 
working server, then copied over passdb.tdb and smbusers. I then used 
'net rpc getsid' to set the sid of the BDC and started smb. The new 
machine thought that it was working fine as a BDC, but none of the 
windows machines connected to it. I then stopped the PDC service, and 
again none of the windows boxes could see any kind of domain controller 
(even after rebooting them).

Finally, I edited the smb.conf on the new server to tell it to be a PDC, 
in an attempt to promote it. After rebooting, the workstations could see 
it as a domain controller. However, they will only let me log in to the 
domain as user "root" (which I'd added to the original server early on 
to make things work). It doesn't allow anyone else to log in  with the 
'helpful' message "Windows could not log you on". Obviously it's sort of 
working, because the machines seem to be able to connect and see the 
domain, and if I log in as root and then, say, go to add a domain user 
to the Administrators group, it works fine and I can view a full list of 
domain users as I would expect.

So how do I get this thing to work? I'm not using LDAP as the backend, 
and although I can see the advantages I don't right now want to try and 
set all that up. How do I migrate all the user and machine information 
from the old PDC to the new one, using tdbsam as the backend? Should I 
export the contents of tdbsam to smbpasswd and then back again on the 
new machine? In which case, how do I do this?

Any help appreciated.

Paul.
---
Here are my smb.conf files. (I've not posted some of the bits which I'm 
pretty sure aren't relevant like logging options and comments).

Here's the config from the working PDC

<snip>
[global]
   netbios name = antonia
   workgroup = vilnt
   server string = vilnt PDC (antonia)
   passdb backend = tdbsam
   security = user
   add machine script = /usr/sbin/useradd -g 100 -d /dev/null -s 
/bin/false -M %u
   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd
   unix password sync = Yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   local master = yes
   os level = 50
   domain master = yes
   preferred master = yes
   domain logons = yes
   logon script = %U.bat
   logon path = \\picard\%U\.ntprofile
   logon drive = H:
   logon home = \\picard\%U
   wins support = yes
   dns proxy = yes
#============================ Share Definitions 
==============================
 [netlogon]
   comment = Network Logon Service
   path = /netlogon
   guest ok = yes
   writable = no
   share modes = no
</snip>

And here is the config from the new server:
<snip>
[global]
   netbios name = charlotte
   workgroup = vilnt
   server string = vilnt new PDC (charlotte)
   passdb backend = tdbsam
   security = user
   add machine script = /usr/sbin/useradd -g 100 -d /dev/null -s 
/bin/false -M %u
   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd
   unix password sync = Yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   local master = yes
   os level = 50
   domain master = yes
   preferred master = yes
   domain logons = yes
   logon script = %U.bat
   logon path = \\picard\%U\.ntprofile
   logon drive = H:
   logon home = \\picard\%U
   wins support = yes
   dns proxy = yes
#============================ Share Definitions 
==============================
[netlogon]
   comment = Network Logon Service
   path = /netlogon
   guest ok = yes
   writable = no
   share modes = no
</snip>

More information about the samba mailing list