[Samba] Moving PDC

Gaiseric Vandal gaiseric.vandal at gmail.com
Tue Jun 7 15:35:59 MDT 2011


If everything is an LDAP backend that makes it simpler. Installing the
new machine as BDC then promoting it should be easy enough. In my
environment, each DC was also an LDAP server (in a multi-master
replication topology.) You may want to make sure that when you switch a
machine from PDC to BDC (or vice versa) that you enable/disable ldap
read-only in smb.conf.

How do you handle idmapping? In my environment, we use LDAP for the
underlying unix accounts as well so this keeps unix UIDs and GIDs for
the accounts consistent.


A Windows client generally doesn't care if it uses a PDC or BDC - it
will give preference to a BDC. But if it already is authenticated to
a particular DC I don't think its changing mode will matter. I don't
know if you have to restart Samba to change from PDC to BDC (or vice
versa) - that might cause problems for people who were logged in with
open files on that server.

Do you have trusts set up with other domains?    I switched which 
machine was the PDC and also found I had to make the new PDC the WINS 
server as well.

FC14 has Samba 3.5.x. I am sure there are some config changes between
3.4 and 3.5 that may be gotchas. Although so far for me going from
3.4 to 3.5.x doesn't seem to have broken anything (at least anything
else - some things that didn't work properly under 3.4 still don't work
for me.)


On 06/07/2011 02:57 PM, Donny Brooks wrote:
> Hi all,
>
>      We currently have a Fedora 11 machine (about to be upgraded to 
> Fedora 15 though) running Samba 3.4.7 as our PDC and multiple BDC 
> "home servers" running various versions of samba and OS. What I am 
> needing is a fail proof way to migrate the PDC function off the 
> current machine and onto another new fresh install. Currently our PDC 
> is also the home server for one of our groups of employees. I want to 
> migrate this off onto a separate BDC if possible leaving the PDC 
> functions to be the only thing that machine does. The last time I 
> attempted this it did not work correctly but that is only because I 
> thought I could simply copy the config file over and start up samba. 
> That was incorrect.
>
> What I need is a "fool proof" way to just make it work with minimal 
> downtime for any of our users. We use OpenLDAP for domain 
> authentication if that makes any difference. Before I have read that 
> you demote and promote certain DC's to whatever function but not sure 
> if that is the best way to do this. We have approximately 9 BDC "home 
> servers" that are a mix of on our campus and some remote (all on our 
> network though). I need the best way to not disrupt any of them if 
> possible.
>
> Thanks in advance.


