[Samba] How to install a replacement PDC?

Gaiseric Vandal gaiseric.vandal at gmail.com
Mon Jul 29 09:49:20 MDT 2013


Run "testparm -v" to see full details, including defaults that may 
not have been explicitly specified in smb.conf. You want to look 
out for the "passdb backend" value. On Samba 3.4 or later tdbsam is 
probably the only valid local option. If you were using the smbpasswd 
file (text?) format on 3.0.x you may need to use the smbpasswd command 
to export / import to the TDB (trivial database) format.



With the old primary domain server running you should join the new 
machine to the domain as a member server (net join). The localsid on 
all DCs should match the domainsid. You can probably then make the 
new machine a DC by changing the smb.conf to allow domain logons and by 
changing the localsid to be the domain SID. Verify that the user 
accounts are the same on each DC with "pdbedit -Lv". You may find that 
some accounts did not export properly.

Also make sure that each domain controller has the same group mappings 
(net rpc groupmap list ?). From 3.0. to 3.4 or later you may find you 
need to explicitly some of the well known groups. You may also need to 
create an explicit nobody user in Linux (and specify "guest account 
= nobody" in smb.conf).


Search for earlier posts by me that cover DC migration and 3.0.x to 3.4 
upgrades.






On 07/29/13 11:24, samba1 at nym.hush.com wrote:
> Also, here are the 'global' sections from the 'testparm' command.
>
> Existing Unix server
>
> [global]
>      workgroup = DDOMAIN
>      server string = Samba Server PDC
>      smb passwd file = /etc/smbpasswd
>      log file = /usr/lib/samba/var/log.%m
>      max log size = 50
>      time server = Yes
>      keepalive = 0
>      socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>      load printers = No
>      disable spoolss = Yes
>      logon script = %U.bat
>      logon drive = G:
>      domain logons = Yes
>      os level = 64
>      preferred master = Yes
>      domain master = Yes
>      dns proxy = No
>      wins support = Yes
>      hosts allow = 192.0.0., 127.
>
>
> New Debian server
>
> [global]
>      workgroup = DDOMAIN
>      server string = %h server (Samba %v)
>      interfaces = 127.0.0.0/8, eth0
>      bind interfaces only = Yes
>      obey pam restrictions = Yes
>      smb passwd file = /etc/smbpasswd  ### I added this, but the file doesn’t exist
>      pam password change = Yes
>      passwd program = /usr/bin/passwd %u
>      passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>      unix password sync = Yes
>      syslog = 0
>      log file = /var/log/samba/log.%m
>      max log size = 1000
>      socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>      logon script = %U.bat
>      logon drive = G:
>      domain logons = Yes
>      os level = 64
>      preferred master = Yes
>      domain master = Yes
>      dns proxy = No
>      wins support = Yes
>      panic action = /usr/share/samba/panic-action %d
>
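
Added example, not part of the original post or of Samba itself: one way to do the "pdbedit -Lv" comparison between the old and new DC, flagging accounts that did not carry over and user SIDs that differ or fall outside the domain SID. The two dumps and the domain SID are constructed sample values; in practice they would be the saved output of "pdbedit -Lv" from each DC and the domain SID of your own domain.

```python
# Constructed sample dumps shaped like `pdbedit -Lv` output (not real accounts).
OLD_DC = """\
---------------
Unix username:        alice
User SID:             S-1-5-21-1111-2222-3333-3000
---------------
Unix username:        bob
User SID:             S-1-5-21-1111-2222-3333-3002
---------------
Unix username:        ws01$
User SID:             S-1-5-21-1111-2222-3333-3004
"""
NEW_DC = """\
---------------
Unix username:        alice
User SID:             S-1-5-21-1111-2222-3333-3000
---------------
Unix username:        bob
User SID:             S-1-5-21-9999-8888-7777-3002
"""

def parse_pdbedit(text):
    """Return {unix username: user SID} from `pdbedit -Lv` style text."""
    accounts, user = {}, None
    for line in text.splitlines():
        key, _, value = line.partition(":")   # split on the first colon only
        key, value = key.strip(), value.strip()
        if key == "Unix username":
            user = value
            accounts[user] = None             # SID filled in when seen
        elif key == "User SID" and user is not None:
            accounts[user] = value
    return accounts

def compare_dcs(old_text, new_text, domain_sid):
    """Compare two dumps; domain_sid is the SID every account should sit under."""
    old, new = parse_pdbedit(old_text), parse_pdbedit(new_text)
    return {
        "missing_on_new": sorted(set(old) - set(new)),
        "extra_on_new": sorted(set(new) - set(old)),
        "sid_mismatch": sorted(u for u in old.keys() & new.keys() if old[u] != new[u]),
        "outside_domain": sorted(u for u, sid in new.items()
                                 if not (sid or "").startswith(domain_sid + "-")),
    }

if __name__ == "__main__":
    report = compare_dcs(OLD_DC, NEW_DC, "S-1-5-21-1111-2222-3333")
    for check, users in report.items():
        print(f"{check}: {', '.join(users) or 'none'}")
```

Machine accounts (names ending in "$") are compared too, since a workstation account missing on the new DC means that workstation can no longer authenticate to the domain.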


