[Samba] PDC moved; domain admin user lost privs

Abe Shelton abe at blur.com
Thu Jan 6 01:32:28 GMT 2005


We had to revert back to the old PDC. Manually removing and re-adding 
machines to the domain as controlled by the new PDC only fixed the 
problem on W2K. WinXP didn't like the new PDC no matter what I tried.


When I get around to this again I suppose I'll first migrate the current 
PDC to Samba+LDAP, set up a second/new machine as a BDC and then elevate 
it to a PDC.


Abe Shelton wrote:
> Greetings,
> We recently moved our Samba PDC from one Linux-based Samba server to 
> another. I copied Samba's settings (rsync'd /etc/samba/*) exactly, and 
> the new PDC has the same IP address, host name and overall config. (same 
> version of samba, same kernel, etc)
> Since moving the PDC, Windows XP workstations no longer recognize the 
> smb.conf defined "admin users" as domain admins. Prior to moving the 
> PDC, WinXP workstations properly recognized the "admin users" as domain 
> administrators without issue.
> One hardware component in the Samba PDC that did change is the MAC 
> address of the network card.
> ** Perhaps WinXP clients will stop trusting a PDC if its MAC address 
> suddenly changes? **
> Logins, roaming profiles and general file sharing work fine with the 
> new PDC; the only thing that's giving us trouble is that "admin users" 
> suddenly are not domain admins. (admin users do still have root-level 
> access to files/shares on samba servers -- only domain admin functions 
> fail.)
> We have found that manually removing and re-adding machines to the 
> domain seems to fix the problem. But if reverting to the prior MAC 
> address or some other trickery with the new samba PDC works, that is 
> much preferred over a late night spent fixing a bunch of broken windows.
> Any advice is much appreciated. Thanks!
> Abe
