[Samba] Promote samba-3 BDC to PDC

Matthias Grimm mgr at renzel.it
Thu Jan 6 00:10:12 MST 2011

On 05.01.2011 15:38, Gaiseric Vandal wrote:
> Client machines shouldn't care if the DC is a PDC or BDC.   Are the 
> sites currently linked via VPN?   Will they no longer be linked via 
> VPN?  Will each site have the same domain name ?   If the two sites 
> are linked somehow you want to make sure you use a WINS server on each 
> site to make sure clients do NOT connect to the "wrong" PDC.
The branches are connected via VPN via HQ but normally they don't see 
each other.
> Also, machines that have authenticated to a DC will need to reboot if 
> that DC is decommissioned.
> Have you tried a test export of the account database from ldap to tdb 
> yet?  I found when I went from TDB to LDAP not all records were 
> exported.    I had to use "pdbedit -w" to dump data to a text file and 
> then run some scripts to recreate/ reimport missing records/fields 
> into ldap.     I don't know if you can configure a BDC with an LDAP 
> backend so you would be switching the BDC's to TDB and promoting them 
> to PDC's in the same step.    You may want to try to break the steps 
> up a little by running LDAP servers on the BDC's  so you can promote 
> the BDC's to PDC's one week, then convert them to TDB on another week.
Well, currently all Samba servers hold a copy of the main LDAP via 
syncrepl. Since the LDAP master is on the same server which will be 
decommissioned, it has to be moved, too. Leaving the backend untouched 
and only changing roles seems to be the best, e.g. making one branch 
server the PDC and LDAP master. Could I easily change both of the roles, 
like setting domain master = yes and making the required changes to slapd.conf?



> On 01/05/2011 07:59 AM, Matthias Grimm wrote:
>> Hi,
>> We have an old domain with a samba-3 PDC and LDAP backend in our HQ 
>> and two BDCs in our branch offices.
>> Since we don't use the domain in our HQ anymore and one of the 
>> branches will be moved to our new domain (2003/2008) I'm thinking 
>> about decommissioning the PDC and promoting both BDCs to PDC for their 
>> branch offices and networks.
>> I would also get rid of LDAP. Changing the backend to tdbsam and 
>> converting the data with pdbedit isn't that much of a problem, but how to do it 
>> all without impact? :)
>> Cheers
>> Matthias

Matthias Grimm


VKF Renzel GmbH, Im Geer 15, D-46419 Isselburg
Phone: +49-2874-910-323
mailto:mgr at renzel.it / http://www.vkf-renzel.de

Legal form: GmbH, registered office: Isselburg, AG Coesfeld, HRB 8004,
Managing directors: Heinz Renzel, Ansgar Huegging, Joachim Ostendorf

Five exclamation marks, the sure sign of an insane mind.
(Terry Pratchett)

<Aoi-chan>  everyone's first vi session. ^C^C^X^X^X^XquitqQ!qdammit[esc]qwertyuiopasdfghjkl;:xwhat
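
The quoted reply mentions dumping the account database with "pdbedit -w" to find records that did not survive a backend conversion. As an added example (not part of the original thread), this Python sketch compares two smbpasswd-format dumps, such as `pdbedit -L -w` output taken before and after the conversion, and reports missing accounts and changed fields. The account names, hashes and timestamps are constructed sample data.

```python
# smbpasswd-format line, as printed by `pdbedit -L -w`:
#   name:uid:LM hash:NT hash:[account flags]:LCT-<hex last change time>:
FIELDS = ("uid", "lm_hash", "nt_hash", "flags", "lct")


def parse_dump(text):
    """Map account name -> dict of smbpasswd fields; skip blanks and comments."""
    accounts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 6:
            raise ValueError(f"malformed smbpasswd line: {line!r}")
        accounts[parts[0].lower()] = dict(zip(FIELDS, parts[1:6]))
    return accounts


def compare_dumps(before, after):
    """Return (accounts missing after conversion, {account: changed fields})."""
    old, new = parse_dump(before), parse_dump(after)
    missing = sorted(set(old) - set(new))
    changed = {}
    for name in sorted(set(old) & set(new)):
        diff = [f for f in FIELDS if old[name][f] != new[name][f]]
        if diff:
            changed[name] = diff
    return missing, changed


# Constructed sample data: placeholder hashes, not real credentials.
A, B, X = "A" * 32, "B" * 32, "X" * 32
LDAP_DUMP = f"""
alice:1001:{A}:{B}:[U          ]:LCT-4D24F1A0:
bob:1002:{A}:{B}:[U          ]:LCT-4D24F1A1:
ws01$:2001:{X}:{B}:[W          ]:LCT-4D24F1A2:
"""
TDB_DUMP = f"""
alice:1001:{A}:{B}:[U          ]:LCT-4D24F1A0:
bob:1002:{A}:{X}:[U          ]:LCT-4D24F1A1:
"""

if __name__ == "__main__":
    missing, changed = compare_dumps(LDAP_DUMP, TDB_DUMP)
    print("missing after conversion:", missing)
    print("fields that differ:", changed)
```

Machine trust accounts (names ending in `$`) deserve particular attention in the output, since a workstation whose account is missing from the new backend can no longer authenticate to the domain.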
