[Samba] Suggestions for moving a PDC function

[Gaiseric Vandal]

On 03/26/12 04:56, Arnold Krille wrote:
> Hi,
>
> On 03/24/2012 08:09 PM, Simon Matthews wrote:
>> I currently have a server which is both the PDC for my domain and the 
>> file
>> server for the network.
>> I need to split these functions and move the PDC function to another 
>> box,
>> while leaving the original server as the file server on which home
>> directories and roaming profiles are stored. User credentials are 
>> stored in
>> a tdbsam database and I am running Samba 3.5.
>
> I can't comment on the actually samba-internal files as I haven't yet 
> moved a samba server from one machine to the other.
> But as far as my understanding of windows-domains (and the excellent 
> samba3.5 docs) goes, the pdc has its special role for two things: 
> providing the login-information and providing at least the 
> logon-share, maybe even the profiles-share.
> So I doubt that you can completely separate your servers. Of course 
> you can set up a second samba-server (as bdc or normal domain-member) 
> to provide additional shares. Wouldn't it be easier on your case to 
> just move some of the shares to the second machine?
>
> Have fun,
>
> Arnold

The best way in this situation to relocate the PDC role to a new machine 
is to configure the new machine as a BDC.  You can then promote the new 
machine to PDC while demoting the original PDC to BDC (or even to a 
domain member.)  Samba has  a user attribute called "Profile Path" -  
see "man pdbedit" -  you should be able to specify the actual server 
used for the profile directory.

I find benefits to having a file server be a DC-  there is redundancy 
for domain authentication, and the "windows" users are mapped properly 
to the "unix" users.    I also found I needed to keep the WINS server 
role with the PDC-  but that may have been because my PDC was newer 
version of samba than the BDC's for a while.

But I would agree with Arnold that adding a new file server and not 
tinkering with PDC seems easiest.