[Samba] PDC moved; domain admin user lost privs

Abe Shelton abe at blur.com
Wed Jan 5 00:41:52 GMT 2005


Greetings,

We recently moved our Samba PDC from one linux-based samba server to 
another. I copied samba's settings (rsync'd /etc/samba/*) exactly, and 
the new PDC has the same IP address, host name and overall config. (same 
version of samba, same kernel, etc)

Since moving the PDC, Windows XP workstations no longer recognize the 
smb.conf defined "admin users"  as domain admins. Prior to moving the 
PDC, WinXP workstations properly recognized the "admin users" as domain 
administrators without issue.

One hardware component in the Samba PDC that did change is the MAC 
address of the network card.

** Perhaps WinXP clients will stop trusting a PDC if it's MAC address 
suddenly changes? **

Logins, roaming profiles and general file sharing works fine with the 
new PDC; the only thing that's giving us trouble is that "admin users" 
suddenly are not domain admins. (admin users do still have root-level 
access to files/shares on samba servers -- only domain admin functions 
fail.)

We have found that manually removing and re-adding machines to the 
domain seems to fix the problem. But if reverting to the prior MAC 
address or some other trickery with the new samba PDC works, that is 
much preferred over a late night spent fixing a bunch of broken windows.

Any advice is much appreciated. Thanks!

Abe




More information about the samba mailing list