[Samba] How to move a samba PDC to a different box

Robert robert at spotswood-computer.net
Thu Jun 19 03:01:30 GMT 2008

On Wednesday 18 June 2008, John Drescher wrote:
> > We have a domain with more than 100 users and we need to replace our PDC.
> > The PDC main function is to authenticate our users to connect to the
> > shared drive and to authenticate computer login.  The PDC is running
> > samba with openldap on Gentoo machine.  I have two BDCs with ACL set to
> > read and write only.  It was set that way to make the syncing process
> > easier.  The syncing process is like a chain using slurpd.  We plan to
> > use "syncrepl" later.
> >
> > What is the best way to replace the PDC?  I already have a Gentoo
> > machine up and running.  I copied over all the samba and openldap files
> > from the old PDC to this new machine.  I also exported the database by
> > running the "slapcat -l" command.  I am hesitant to start the slapd,
> > slurpd and samba service as I am not so sure if I am doing the right
> > thing.
> Disconnect the network cable on the new machine to make sure you are
> not interfering with the rest of the network.
> Start slapd then use slapadd to add your ldap to the database. Use
> slapcat to verify that all was added and the ldif looks correct. Then
> start samba and see if the smbclient can connect to itself.
> Is the old machine the same name as the new? How about the IP address?
> Are you using wins, lmhosts or dns for your clients to find the pdc?
> BTW, I have to cut this a lot shorter than I want but I am very busy
> at the day job and if I do not get my tasks done several new users
> will not have a pc on Monday.
> John

I'll add my two cents. I recently did this, except we aren't using ldap. 
Didn't see the advantage. It was a new box with a different IP address. Long 
story short: All but 2 XP SP2 refused to join the new domain. Told me Logon 
failure: unknown user name or bad password. The Win2K and XP SP1 machines did 
not have a problem, and the log files show root authenticated successfully, 
so it looks like XP SP2 is the problem, but I have no idea why 2 joined when 
all the rest didn't.

Still haven't found the reason or fix and most machines are workgroup members 
now...Good luck, hopefully you won't need it.

Fail to learn history-repeat it.
Fail to learn rights-lose them.
Learn both-get screwed by previous two groups.
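
The quoted advice to use slapcat to verify that everything was added can be checked mechanically. The following is an added example, not part of the original thread: it compares an LDIF export from the old PDC with one taken from the new machine, and the function names, the sample data and the choice to watch the sambaSID attribute are assumptions.

```python
import base64

def parse_ldif(text):
    """Parse slapcat-style LDIF into {lowercased dn: {lowercased attr: [values]}}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continuation of the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = {}, {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in current:
                entries[current["dn"][0].lower()] = current
            current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current.setdefault(attr.lower(), []).append(value.strip())
    return entries

def compare_exports(old_text, new_text, attrs=("sambasid",)):
    """Report entries lost, added, or whose watched attributes differ after the import."""
    old, new = parse_ldif(old_text), parse_ldif(new_text)
    changed = {dn for dn in old.keys() & new.keys() for a in attrs
               if sorted(old[dn].get(a, [])) != sorted(new[dn].get(a, []))}
    return {"missing": sorted(old.keys() - new.keys()),
            "extra": sorted(new.keys() - old.keys()),
            "changed": sorted(changed)}

# Constructed sample exports (not from the thread); the alice SID is folded with "\n ".
OLD_SAMPLE = """\
dn: sambaDomainName=EXAMPLE,dc=example,dc=org
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: uid=alice,ou=People,dc=example,dc=org
sambaSID: S-1-5-21-1111111111-2222222222-33333\n 33333-3000

dn: uid=ws01$,ou=Computers,dc=example,dc=org
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3002
"""
NEW_SAMPLE = """\
dn: sambaDomainName=EXAMPLE,dc=example,dc=org
sambaSID: S-1-5-21-4444444444-5555555555-6666666666

dn: uid=alice,ou=People,dc=example,dc=org
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000
"""

if __name__ == "__main__":
    print(compare_exports(OLD_SAMPLE, NEW_SAMPLE))
```

A missing machine account entry or a changed domain SID in the report is worth resolving before the new box is reconnected to the network.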
