[Samba] How to install a replacement PDC?

Chris Smith smb_77 at chrissmith.org
Tue Jul 30 10:36:40 MDT 2013 

You may want to look into using the Sernet packages instead of the
Debian ones, then you'll have an up-to-date Samba 3.6.16
installation.

Only problem I had was that I needed to add Samba to run level 2 as it
appears my CLI only install of Wheezy doesn't boot into run level 3
(as Debian claims is their default).

Chris

On Tue, Jul 30, 2013 at 9:00 AM,  <samba1 at nym.hush.com> wrote:
> Thanks very much for your detailed reply.  I’m sure it will be very
> helpful.
>
> Is there an easy way to search for your earlier posts?  I’m looking
> in the archives, and opening them by month, then searching for your
> name. It just seems a bit long-winded – I’m not sure when you would
> have posted them!
>
> Thanks again.
>
>
> On Mon, 29 Jul 2013 16:49:48 +0100 "Gaiseric Vandal"
> <gaiseric.vandal at gmail.com> wrote:
>>Run the "testparm -v" to see full details, including defaults that
>>may
>>not have been explicitly specified in smb.conf.      You want to
>>look
>>out for the "passdb backend" value.  On samba 3.4 or later tdbsam
>>is
>>probably the only valid local option.  If you were using the
>>smbpasswd
>>file (text?) format on 3.0.x you may need to use the smbpasswd
>>command
>>to export / import to the TDB  (trivial data base) format.
>>
>>
>>
>>With the old primary domain server running you should join the new
>>machine to the domain as a member server.  (net join.)   The
>>localsid on
>>all dc's should match the domainsid.     You can probably then
>>make the
>>new machine a DC by changing the smb.conf to allow domain logons
>>and by
>>changing the localsid to be the domain sid.    Verify that they
>>user
>>accounts are the same on each DC with "pdbedit -Lv."  You may find
>>that
>>some accounts did not export properly.
>>
>>Also make sure that each domain controller has the same group
>>mappings
>>(net rpc groupmap list ?)   From 3.0. to 3.4 or later you may find
>>you
>>need to explicitly some of the well known groups. You may also
>>need to
>>create an explicit  nobody user in linux (and specify     guest
>>account
>>= nobody in smb.conf.)
>>
>>
>>Search for earlier post by me that cover DC migration and 3.0x to
>>3.4.
>>upgrades.
>>
>>
>>
>>
>>
>>
>>On 07/29/13 11:24, samba1 at nym.hush.com wrote:
>>> Also, here are the 'global' sections from the 'testparm' command.
>>>
>>> Existing Unix server
>>>
>>> [global]
>>>      workgroup = DDOMAIN
>>>      server string = Samba Server PDC
>>>      smb passwd file = /etc/smbpasswd
>>>      log file = /usr/lib/samba/var/log.%m
>>>      max log size = 50
>>>      time server = Yes
>>>      keepalive = 0
>>>      socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>      load printers = No
>>>      disable spoolss = Yes
>>>      logon script = %U.bat
>>>      logon drive = G:
>>>      domain logons = Yes
>>>      os level = 64
>>>      preferred master = Yes
>>>      domain master = Yes
>>>      dns proxy = No
>>>      wins support = Yes
>>>      hosts allow = 192.0.0., 127.
>>>
>>>
>>> New Debian server
>>>
>>> [global]
>>>      workgroup = DDOMAIN
>>>      server string = %h server (Samba %v)
>>>      interfaces = 127.0.0.0/8, eth0
>>>      bind interfaces only = Yes
>>>      obey pam restrictions = Yes
>>>      smb passwd file = /etc/smbpasswd  ### I added this, but the
>>> file
>>> doesn’t exit
>>>      pam password change = Yes
>>>      passwd program = /usr/bin/passwd %u
>>>      passwd chat = *Enter\snew\s*\spassword:* %n\n
>>> *Retype\snew\s*\spassword:* %n\n
>>*password\supdated\ssuccessfully*
>>> .
>>>      unix password sync = Yes
>>>      syslog = 0
>>>      log file = /var/log/samba/log.%m
>>>      max log size = 1000
>>>      socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>      logon script = %U.bat
>>>      logon drive = G:
>>>      domain logons = Yes
>>>      os level = 64
>>>      preferred master = Yes
>>>      domain master = Yes
>>>      dns proxy = No
>>>      wins support = Yes
>>>      panic action = /usr/share/samba/panic-action %d
>>>
>>
>>--
>>To unsubscribe from this list go to the following URL and read the
>>instructions:  https://lists.samba.org/mailman/options/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list