[Samba] How to install a replacement PDC?

samba1 at nym.hush.com samba1 at nym.hush.com
Tue Jul 30 07:00:49 MDT 2013 

Thanks very much for your detailed reply.  I’m sure it will be very 
helpful.

Is there an easy way to search for your earlier posts?  I’m looking 
in the archives, and opening them by month, then searching for your 
name. It just seems a bit long-winded – I’m not sure when you would 
have posted them!

Thanks again.


On Mon, 29 Jul 2013 16:49:48 +0100 "Gaiseric Vandal" 
<gaiseric.vandal at gmail.com> wrote:
>Run the "testparm -v" to see full details, including defaults that 
>may 
>not have been explicitly specified in smb.conf.      You want to 
>look 
>out for the "passdb backend" value.  On samba 3.4 or later tdbsam 
>is 
>probably the only valid local option.  If you were using the 
>smbpasswd 
>file (text?) format on 3.0.x you may need to use the smbpasswd 
>command 
>to export / import to the TDB  (trivial data base) format.
>
>
>
>With the old primary domain server running you should join the new 
>machine to the domain as a member server.  (net join.)   The 
>localsid on 
>all dc's should match the domainsid.     You can probably then 
>make the 
>new machine a DC by changing the smb.conf to allow domain logons 
>and by 
>changing the localsid to be the domain sid.    Verify that they 
>user 
>accounts are the same on each DC with "pdbedit -Lv."  You may find 
>that 
>some accounts did not export properly.
>
>Also make sure that each domain controller has the same group 
>mappings 
>(net rpc groupmap list ?)   From 3.0. to 3.4 or later you may find 
>you 
>need to explicitly some of the well known groups. You may also 
>need to 
>create an explicit  nobody user in linux (and specify     guest 
>account 
>= nobody in smb.conf.)
>
>
>Search for earlier post by me that cover DC migration and 3.0x to 
>3.4. 
>upgrades.
>
>
>
>
>
>
>On 07/29/13 11:24, samba1 at nym.hush.com wrote:
>> Also, here are the 'global' sections from the 'testparm' command.
>>
>> Existing Unix server
>>
>> [global]
>>      workgroup = DDOMAIN
>>      server string = Samba Server PDC
>>      smb passwd file = /etc/smbpasswd
>>      log file = /usr/lib/samba/var/log.%m
>>      max log size = 50
>>      time server = Yes
>>      keepalive = 0
>>      socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>      load printers = No
>>      disable spoolss = Yes
>>      logon script = %U.bat
>>      logon drive = G:
>>      domain logons = Yes
>>      os level = 64
>>      preferred master = Yes
>>      domain master = Yes
>>      dns proxy = No
>>      wins support = Yes
>>      hosts allow = 192.0.0., 127.
>>
>>
>> New Debian server
>>
>> [global]
>>      workgroup = DDOMAIN
>>      server string = %h server (Samba %v)
>>      interfaces = 127.0.0.0/8, eth0
>>      bind interfaces only = Yes
>>      obey pam restrictions = Yes
>>      smb passwd file = /etc/smbpasswd  ### I added this, but the
>> file
>> doesn’t exit
>>      pam password change = Yes
>>      passwd program = /usr/bin/passwd %u
>>      passwd chat = *Enter\snew\s*\spassword:* %n\n
>> *Retype\snew\s*\spassword:* %n\n 
>*password\supdated\ssuccessfully*
>> .
>>      unix password sync = Yes
>>      syslog = 0
>>      log file = /var/log/samba/log.%m
>>      max log size = 1000
>>      socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>      logon script = %U.bat
>>      logon drive = G:
>>      domain logons = Yes
>>      os level = 64
>>      preferred master = Yes
>>      domain master = Yes
>>      dns proxy = No
>>      wins support = Yes
>>      panic action = /usr/share/samba/panic-action %d
>>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list