[Samba] PDC moved; domain admin user lost privs
abe at blur.com
Wed Jan 5 00:41:52 GMT 2005
We recently moved our Samba PDC from one linux-based samba server to
another. I copied samba's settings (rsync'd /etc/samba/*) exactly, and
the new PDC has the same IP address, host name and overall config. (same
version of samba, same kernel, etc)
Since moving the PDC, Windows XP workstations no longer recognize the
smb.conf defined "admin users" as domain admins. Prior to moving the
PDC, WinXP workstations properly recognized the "admin users" as domain
administrators without issue.
One hardware component in the Samba PDC that did change is the MAC
address of the network card.
** Perhaps WinXP clients will stop trusting a PDC if it's MAC address
suddenly changes? **
Logins, roaming profiles and general file sharing works fine with the
new PDC; the only thing that's giving us trouble is that "admin users"
suddenly are not domain admins. (admin users do still have root-level
access to files/shares on samba servers -- only domain admin functions
We have found that manually removing and re-adding machines to the
domain seems to fix the problem. But if reverting to the prior MAC
address or some other trickery with the new samba PDC works, that is
much preferred over a late night spent fixing a bunch of broken windows.
Any advice is much appreciated. Thanks!
More information about the samba