[Samba] samba 4 as a pdc and /etc/passwd

Rowland Penny rowlandpenny at googlemail.com
Wed Mar 12 10:51:27 MDT 2014

On 12/03/14 16:46, David Bear wrote:
> but my original question was do I need to duplicate all the accounts 
> in /etc/passwd between the two machines since I did not have ldap 
> installed originally? Will samba 4 and its built-in ldap stuff 
> capture what I need to get through pdc to bdc replication?
Since samba 3 required each samba user to be also a local user, you will 
need to create the same users & groups on the new machine as on the old 
one with the same uids & gids. This is where an AD domain is better, 
users & groups only exist in AD, they cannot be local.


> On Wed, Mar 12, 2014 at 9:41 AM, Rowland Penny 
> <rowlandpenny at googlemail.com> wrote:
>     On 12/03/14 16:22, David Bear wrote:
>>     Thanks for the rapid response. Apologies I was not more clear.
>>     I want to stick with the standard NT 4 domain controller style
>>     network. Maybe next year I will think of migration to an ad dc.
>>     But for now, I want the simplest path off the samba 3 domain
>>     controller that I have.
>>     On Wed, Mar 12, 2014 at 9:18 AM, Rowland Penny
>>     <rowlandpenny at googlemail.com> wrote:
>>         On 12/03/14 16:07, David Bear wrote:
>>             I am remembering something wrong related to samba 4 and
>>             that there is no
>>             longer a need to have machine accounts and user accounts
>>             exist in
>>             /etc/passwd ? I want to set up a samba 4 domain
>>             controller as a bdc to a
>>             samba 3 domain. Have the domain data base replicate and
>>             then shut down the
>>             samba 3 pdc and promote the samba 4 to a pdc. It would be
>>             nice to ignore
>>             having to migrate /etc/passwd because I did not set up
>>             ldap for the samba 3
>>             domain.
>>         I think that we are going to need a bit more info here. When
>>         you say 'bdc' & 'pdc' are you referring to the 'classic'
>>         samba setup, or do you expect to end up with an AD controller?
>>         If you want to end up with an AD controller, then what you
>>         are proposing will not work, an AD DC will never be a pdc in
>>         a NT domain.
>>         I think that you will have to go down the classicupgrade path
>>         here, but without further info, I cannot be sure.
>>         Rowland
>>     -- 
>>     David Bear
>>     mobile: (602) 903-6476
>     Ah, well in that case, I think it is just a case of setting up
>     samba4 just like the samba3 machine and then syncing the
>     user database etc from the pdc to the bdc. This is usually just
>     done by copying the samba directory from one to the other (on
>     Ubuntu this is /var/lib/samba YMMV).
>     Start up the new machine, make sure everything is ok and then stop
>     smbd, nmbd, winbind on the old pdc and everything should just
>     work, or maybe not. If it doesn't work, restart smbd etc on the
>     original pdc and you should be back to where you were, you can
>     then check the logs to try and find out what went wrong.
>     This is all from memory, it is a good few years since I last did
>     this (ok, in fact I only ever did it once ;-) ), so if anybody has
>     a better way, please chime in.
>     Rowland
> -- 
> David Bear
> mobile: (602) 903-6476
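
One way to check the point made in the reply above, that the same users and groups must exist on the new machine with the same uids and gids as on the old one. This is an added example, not part of the original thread; the sample accounts, the `min_id` cut-off of 1000 and all function names are assumptions made for illustration.

```python
# Constructed sample data (not from the thread): passwd/group as saved from old PDC and new machine.
OLD_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
ws01$:x:1101:1100:Machine account:/dev/null:/bin/false
"""
NEW_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1005:1002:Bob:/home/bob:/bin/bash
"""
OLD_GROUP = "alice:x:1001:\nbob:x:1002:\nmachines:x:1100:\n"
NEW_GROUP = "alice:x:1001:\nbob:x:1002:\nmachines:x:1200:\n"


def parse(text, id_fields):
    """Map entry name -> tuple of the numeric ids found in id_fields."""
    entries = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) <= max(id_fields):
            continue  # comment, blank or truncated line
        entries[fields[0]] = tuple(int(fields[i]) for i in id_fields)
    return entries


def diff_ids(old, new, min_id=1000):
    """(missing, mismatched) for old entries whose first id >= min_id (assumed cut-off)."""
    missing, mismatched = [], []
    for name, ids in sorted(old.items()):
        if ids[0] >= min_id and name not in new:
            missing.append(name)  # account must be created on the new machine
        elif ids[0] >= min_id and new[name] != ids:
            mismatched.append((name, ids, new[name]))  # same name, different ids
    return missing, mismatched


def report():
    return {  # users compared on (uid, primary gid), groups on gid
        "users": diff_ids(parse(OLD_PASSWD, (2, 3)), parse(NEW_PASSWD, (2, 3))),
        "groups": diff_ids(parse(OLD_GROUP, (2,)), parse(NEW_GROUP, (2,))),
    }


if __name__ == "__main__":
    for kind, (missing, mismatched) in report().items():
        print(kind, "missing:", missing, "mismatched:", mismatched)
```

For real data, replace the four constants with the saved output of `getent passwd` and `getent group` from each machine. A mismatched uid or gid means files copied to the new server would be owned by a different account than on the old one.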
