[Samba] PDC moved; domain admin user lost privs
abe at blur.com
Thu Jan 6 01:32:28 GMT 2005
We had to revert back to the old PDC. Manually removing and re-adding
machines to the domain as controlled by the new PDC only fixed the
problem on W2K. WinXP didn't like the new PDC no matter what I tried.
When I get around to this again I suppose I'll first migrate the current
PDC to Samba+LDAP, set up a second/new machine as a BDC and then elevate
it to a PDC.
Abe Shelton wrote:
> We recently moved our Samba PDC from one linux-based samba server to
> another. I copied samba's settings (rsync'd /etc/samba/*) exactly, and
> the new PDC has the same IP address, host name and overall config. (same
> version of samba, same kernel, etc)
> Since moving the PDC, Windows XP workstations no longer recognize the
> smb.conf defined "admin users" as domain admins. Prior to moving the
> PDC, WinXP workstations properly recognized the "admin users" as domain
> administrators without issue.
> One hardware component in the Samba PDC that did change is the MAC
> address of the network card.
> ** Perhaps WinXP clients will stop trusting a PDC if its MAC address
> suddenly changes? **
> Logins, roaming profiles and general file sharing works fine with the
> new PDC; the only thing that's giving us trouble is that "admin users"
> suddenly are not domain admins. (admin users do still have root-level
> access to files/shares on samba servers -- only domain admin functions
> We have found that manually removing and re-adding machines to the
> domain seems to fix the problem. But if reverting to the prior MAC
> address or some other trickery with the new samba PDC works, that is
> much preferred over a late night spent fixing a bunch of broken windows.
> Any advice is much appreciated. Thanks!