[Samba] Re: Moving samba PDC to new machine (unable to change domain SID)

Paul Smith paul at gami.com
Wed Mar 8 15:01:30 GMT 2006


So, I followed these directions and got errors in log.nmbd regarding
"domain_master_node_status_fail".  There were still entries for the old
server's ip address in connections.tdb, gencache.tdb, locking.tdb and
sessionid.tdb, so I stopped samba, deleted them and restarted.  All was
well.

I then changed the SID using "net setlocalsid
S-1-5-21-3597458131-155160113-1223051555" but couldn't log on to the
domain.

Then I found this:

phoenix:~# net getlocalsid
SID for domain PHOENIX is: S-1-5-21-3597458131-155160113-1223051555
phoenix:~# net getdomainsid
SID for domain PHOENIX is: S-1-5-21-3597458131-155160113-1223051555
SID for domain ADADOM is: S-1-5-21-261810777-3464919417-363225081

The hostname is "phoenix" and the domain name is "adadom".  Try as I
might, I can't seem to get rid of that duplicate (domainsid PHOENIX)
entry.  I've checked on the old pdc and here's the output:

phoenix:~# net getlocalsid
SID for domain PHOENIX is: S-1-5-21-3597458131-155160113-1223051555
phoenix:~# net getdomainsid
SID for domain PHOENIX is: S-1-5-21-3597458131-155160113-1223051555
SID for domain ADADOM is: S-1-5-21-3597458131-155160113-1223051555

So, there are duplicate entries there also, but at least they're
identical.

Help!

Paul


-----Original Message-----
From: samba-bounces+paul=gami.com at lists.samba.org
[mailto:samba-bounces+paul=gami.com at lists.samba.org] On Behalf Of Paul
Smith
Sent: Tuesday, February 28, 2006 9:22 AM
To: Mark Nienberg
Subject: RE: [Samba] Re: Moving samba PDC to new machine (same name?)

Thanks for the link.

How does this look?

OLDSERVER:
Stop Samba.
Back up smb.conf, smbpasswd, passdb.tdb and secrets.tdb from /etc/samba
Back up *.tdb from /var/lib/samba
Make note of the users/groups UID/GIDs

NEWSERVER:
Power up server
Change hostname to OLDSERVER
Install latest Samba
Recreate users/groups with same UID/GID as the old server
Restore backed up files (smb.conf, smbpasswd, passdb.tdb and secrets.tdb
from /etc/samba and *.tdb from /var/lib/samba)
Recreate shared directories
Run testparm
Start Samba
Check domain SID is the same as the old one

Does that handle all the group mappings?  I guess they're in the tdb
files?

The old server is SUSE and the new server will be Debian, for what it's
worth.

Paul


-----Original Message-----
From: samba-bounces+paul=gami.com at lists.samba.org
[mailto:samba-bounces+paul=gami.com at lists.samba.org] On Behalf Of Mark
Nienberg
Sent: Monday, February 27, 2006 11:50 PM
To: samba at lists.samba.org
Subject: [Samba] Re: Moving samba PDC to new machine (same name?)

Paul Smith wrote:
> I'm using a tdbsam database with Samba 3.0.11 on a machine that's
> getting a little long in the tooth.  I'd like to move the whole deal to
> a new machine without any reconfiguring on the clients - I'm happy with
> a little downtime - out of office hours the system is hardly used
> anyway.  I'd like to upgrade to 3.0.21c at the same time.
> 
> I'm thinking:
> 1. backup domain data on old server
> 2. shut down old server
> 3. build new server with same name as old one
> 4. restore domain data to new server
> 
> I'm having trouble with steps 1 and 4.  What exactly do I need to
> backup, and how?
> 
> Is this possible or do I have to make a new domain and rejoin the users
> all over?


You can do this with no changes to the clients.  They will be able to 
log on to the new PDC just fine if you do it right.  The process is 
explained here:

http://us4.samba.org/samba/docs/man/Samba-Guide/upgrades.html

Read the whole chapter and pay particular attention to the section 
"Migrating Samba 3 to a new server", "Replacing a domain controller".

I did it about a week ago with no difficulties.

Mark Nienberg

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
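
The last step of the migration list in this thread ("Check domain SID is the same as the old one"), written out as an added example that is not part of the original messages. It parses saved "net getdomainsid" output from both servers; the two samples are the outputs quoted in the thread, and the function names sid_for and check_migration are made up for this sketch.

```shell
#!/bin/sh
# "net getdomainsid" output from each server, copied from the thread above.
OLD_OUT='SID for domain PHOENIX is: S-1-5-21-3597458131-155160113-1223051555
SID for domain ADADOM is: S-1-5-21-3597458131-155160113-1223051555'
NEW_OUT='SID for domain PHOENIX is: S-1-5-21-3597458131-155160113-1223051555
SID for domain ADADOM is: S-1-5-21-261810777-3464919417-363225081'

# sid_for OUTPUT NAME: print the SID reported for NAME (case-insensitive,
# since smb.conf names are often lower case). Fails if NAME is absent or
# the value does not look like a domain SID.
sid_for() {
    printf '%s\n' "$1" | awk -v name="$2" '
        $1 == "SID" && $3 == "domain" && toupper($4) == toupper(name) {
            sid = $NF
        }
        END {
            if (sid ~ /^S-1-5-21-[0-9]+-[0-9]+-[0-9]+$/) print sid
            else exit 1
        }'
}

# check_migration OLD NEW DOMAIN: return 0 if the domain SID on the new
# server equals the old one, 1 on mismatch, 2 if either output lacks it.
check_migration() {
    old_sid=$(sid_for "$1" "$3") || return 2
    new_sid=$(sid_for "$2" "$3") || return 2
    if [ "$old_sid" = "$new_sid" ]; then
        echo "OK: $3 domain SID preserved ($new_sid)"
        return 0
    fi
    echo "MISMATCH: $3 old=$old_sid new=$new_sid"
    return 1
}

# With the thread's data this reports a mismatch for ADADOM.
check_migration "$OLD_OUT" "$NEW_OUT" ADADOM || true
```

On live servers the two inputs would come from running "net getdomainsid" on each machine and saving the output before the old PDC is retired.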
