[Samba] How to move a samba PDC to a different box

Scott Lovenberg scott.lovenberg at gmail.com
Thu Jun 19 03:46:08 GMT 2008


Robert wrote:
> On Wednesday 18 June 2008, John Drescher wrote:
>   
>>> We have a domain with more than 100 users and we need to replace our PDC.
>>> The PDC main function is to authenticate our users to connect to the
>>> shared drive and to authenticate computer login.  The PDC is running
>>> samba with openldap on Gentoo machine.  I have two BDCs with ACL set to
>>> read and write only.  It was set that way to make the syncing process
>>> easier.  The syncing process is like a chain using slurpd.  We plan to
>>> use "syncrepl" later.
>>>
>>> What is the best way to replace the PDC?  I already have a Gentoo
>>> machine up and running.  I copied over all the samba and openldap files
>>> from the old PDC to this new machine.  I also exported the database by
>>> running the "slapcat -l" command.  I am hesitant to start the slapd,
>>> slurpd and samba service as I am not so sure if I am doing the right
>>> thing.
>>>       
>> Disconnect the network cable on the new machine to make sure you are
>> not interfering with the rest of the network.
>> Start slapd then use slapadd to add your ldap to the database. Use
>> slapcat to verify that all was added and the ldif looks correct. Then
>> start samba and see if the smbclient can connect to itself.
>>
>> Is the old machine the same name as the new? How about the IP address?
>> Are you using wins, lmhosts or dns for your clients to find the pdc?
>>
>> BTW, I have to cut this a lot shorter than I want but I am very busy
>> at the day job and if I do not get my tasks done several new users
>> will not have a pc on Monday.
>>
>> John
>>     
>
> I'll add my two cents. I recently did this, except we aren't using ldap. 
> Didn't see the advantage. It was a new box with a different IP address. Long 
> story short: All but 2 XP SP2 refused to join the new domain. Told me Logon 
> failure: unknown user name or bad password. The Win2K and XP SP1 machines did 
> not have a problem, and the log files show root authenticated successfully, 
> so it looks like XP SP2 is the problem, but I have no idea why 2 joined when 
> all the rest didn't.
>
> Still haven't found the reason or fix and most machines are workgroup members 
> now...Good luck, hopefully you won't need it.
>
>   
Something to this effect happened to me once about two years ago.  I 
think the punch line was that I broke the SID when I changed the IP or 
hostname, IIRC.  All XP Pro SP2 clients.  I think I ended up blowing 
away the machine accounts and rejoining the clients to the domain (I 
only had about a dozen, so it was just me kicking myself as I recalled 
the thought, "this might not be wise" echoing through my mind's ear as I 
rebooted the server after changing the configuration, instead of having 
to join hundreds of clients back again).  Have you verified that this 
hasn't happened to you?
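
One way to verify the SID before reconnecting the new box, as an added example that is not part of the original thread: it checks a `slapcat` export against the output of `net getlocalsid` on the new machine. It assumes the Samba 3 ldapsam schema (`sambaDomain`, `sambaSamAccount`, `sambaSID`), that on a PDC the local SID is the domain SID, and plain (not base64) attribute values; the LDIF, host names and SIDs are constructed sample data.

```python
import re

SID_RE = re.compile(r"S-1-5-21(?:-\d+){3}")  # domain/machine SID, no RID

def parse_ldif(text):
    """Parse slapcat-style LDIF into a list of {attr: [values]} dicts."""
    text = re.sub(r"\r?\n ", "", text)  # unfold wrapped lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                attr, value = line.split(": ", 1)
                entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def check_sids(ldif_text, getlocalsid_output):
    """Return a list of problems; an empty list means the SIDs agree."""
    entries = parse_ldif(ldif_text)
    has_class = lambda e, c: c in (v.lower() for v in e.get("objectclass", []))
    domain_sids = {s for e in entries if has_class(e, "sambadomain")
                   for s in e.get("sambasid", [])}
    if len(domain_sids) != 1:
        return [f"expected one sambaDomain SID in LDIF, found {sorted(domain_sids)}"]
    domain_sid = domain_sids.pop()
    problems = []
    local = SID_RE.search(getlocalsid_output)
    local_sid = local.group(0) if local else None
    if local_sid != domain_sid:
        problems.append(f"server SID {local_sid} != LDAP domain SID {domain_sid}")
    # Every user and machine account SID must be <domain SID>-<RID>.
    for e in filter(lambda e: has_class(e, "sambasamaccount"), entries):
        for sid in e.get("sambasid", []):
            if sid.rsplit("-", 1)[0] != domain_sid:
                problems.append(f"{e['dn'][0]}: sambaSID {sid} is outside the domain")
    return problems

# Constructed sample data (not taken from the thread).
SAMPLE_LDIF = """\
dn: sambaDomainName=EXAMPLE,dc=example,dc=org
objectClass: sambaDomain
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: uid=ws01$,ou=Computers,dc=example,dc=org
objectClass: sambaSamAccount
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-1005
"""
OLD_BOX = "SID for domain OLDPDC is: S-1-5-21-1111111111-2222222222-3333333333"
NEW_BOX = "SID for domain NEWPDC is: S-1-5-21-4444444444-5555555555-6666666666"
```

`check_sids(SAMPLE_LDIF, NEW_BOX)` reports the mismatch a renamed server would produce; if it appears on a real box, `net setlocalsid` with the old domain SID restores it before any client tries to log on.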

