Yannick Tousignant
2002-Jun-05 12:50 UTC
SOLVED! [Samba] PDC and BDC with LDAP and Samba 2.2.4
It's me again, with the solution to my problems.

To get a working BDC, you have to kill samba, delete your secrets.tdb, create a MACHINE.SID and then restart samba. You will have to do this on the PDC and the BDC to have the same SID in the secrets.tdb file. Then machine accounts are valid even if you move your PDC, or you add a 2nd BDC, as long as you create the MACHINE.SID file before the first startup of samba. Don't forget, the MACHINE.SID file has to be the same on all domain controllers or machine accounts will be invalid.

And oh, back up your MACHINE.SID file, samba deletes it when it converts the file to secrets.tdb!

Thanks to you all!!!

Yannick Tousignant
==============
Gestion Informatique OKA ltée.
Téléphone : (514) 282-9334 (#238)

> -----Original Message-----
> From: samba-admin@lists.samba.org [mailto:samba-admin@lists.samba.org] On Behalf Of Yannick Tousignant
> Sent: Wednesday, June 05, 2002 12:10 PM
> To: Gerald Carter
> Cc: samba@samba.org
> Subject: RE: [Samba] PDC and BDC with LDAP and Samba 2.2.4
>
> Ok, I'm stuck at this point. Either if I want to move
> the current PDC to another server or if I want to make
> a BDC, I have to rejoin all the stations to the domain.
>
> The machine accounts are stored in the LDAP database that
> I replicate to the BDC. The problem is that samba stores
> some kind of part of the machine account somewhere (maybe
> in secrets.tdb) that I can't replicate on both servers. So
> if the users log into another PDC, the machine accounts
> are not valid for the server, so it denies all logons!
>
> If anyone can help me find a way to have valid machine
> accounts on 2 different DCs...
>
> Thanks!
>
> Yannick
>
> > -----Original Message-----
> > From: samba-admin@lists.samba.org [mailto:samba-admin@lists.samba.org] On Behalf Of Gerald Carter
> > Sent: Wednesday, June 05, 2002 9:04 AM
> > To: Yannick Tousignant
> > Cc: samba@samba.org
> > Subject: RE: [Samba] PDC and BDC with LDAP and Samba 2.2.4
> >
> > On Tue, 4 Jun 2002, Yannick Tousignant wrote:
> >
> > > Hi, I tried to move the current PDC to another machine
> > > that has the same LDAP database. It didn't work... There
> > > is something about the machine account! How does samba
> > > handle this? I could not log on to the moved PDC, so I
> > > rejoined the domain (added my machine in TEMP workgroup,
> > > reboot, rejoin the domain, reboot), and then it worked!
> > >
> > > Is there any way I can bypass this?
> >
> > Can the uid's for passwd entries sync'd on both servers?
> >
> > cheers, jerry
> > ---------------------------------------------------------------------
> > Hewlett-Packard http://www.hp.com
> > SAMBA Team http://www.samba.org
> > -- http://www.plainjoe.org
> > "Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2
> > --"I never saved anything for the swim back." Ethan Hawk in Gattaca--

On Wed, 5 Jun 2002, Yannick Tousignant wrote:

> It's me again, with the solution to my problems.
>
> To get a working BDC, you have to kill samba, delete your
> secrets.tdb, create a MACHINE.SID and then restart samba. You
> will have to do this on the PDC and the BDC to have the same
> SID in the secrets.tdb file. Then machine accounts are valid
> even if you move your PDC, or you add a 2nd BDC, as long as you
> create the MACHINE.SID file before the first startup of samba.
> Don't forget, the MACHINE.SID file has to be the same on all
> domain controllers or machine accounts will be invalid.
>
> And oh, back up your MACHINE.SID file, samba deletes it when
> it converts the file to secrets.tdb!

So this did not work by simply copying secrets.tdb from the PDC to the BDC?

cheers, jerry
---------------------------------------------------------------------
Hewlett-Packard http://www.hp.com
SAMBA Team http://www.samba.org
-- http://www.plainjoe.org
"Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2
--"I never saved anything for the swim back." Ethan Hawk in Gattaca--
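
Added example, not part of the original posts and not Samba project code: a pre-start check for the requirement stated in the thread, that every domain controller is given the same MACHINE.SID before samba's first startup, plus a verified backup of the file. It assumes MACHINE.SID holds a single textual domain SID line; the function names are hypothetical and the sample SIDs are constructed.

```shell
#!/bin/sh
# Added example, not Samba code. Assumption: MACHINE.SID holds one textual
# domain SID (S-1-5-21-a-b-c) on a single line.

# Print the SID stored in file $1 with whitespace and CRs stripped.
read_sid() {
    tr -d ' \t\r\n' < "$1"
}

# Return 0 if $1 looks like a domain SID.
valid_sid() {
    printf '%s\n' "$1" | grep -Eq '^S-1-5-21-[0-9]+-[0-9]+-[0-9]+$'
}

# check_sids FILE...: 0 = all copies identical and well formed,
# 1 = a copy differs from the first, 2 = a copy is missing or malformed.
check_sids() {
    ref=
    for f in "$@"; do
        [ -r "$f" ] || { echo "missing: $f" >&2; return 2; }
        sid=$(read_sid "$f")
        valid_sid "$sid" || { echo "malformed SID in $f" >&2; return 2; }
        if [ -z "$ref" ]; then
            ref=$sid
        elif [ "$sid" != "$ref" ]; then
            echo "mismatch: $f has $sid, expected $ref" >&2
            return 1
        fi
    done
    [ -n "$ref" ] || return 2
}

# backup_sid FILE DIR: keep a verified copy, since the thread reports that
# samba deletes MACHINE.SID after converting it into secrets.tdb.
backup_sid() {
    cp -p "$1" "$2/MACHINE.SID.bak" && cmp -s "$1" "$2/MACHINE.SID.bak"
}

# Constructed sample data (made-up SIDs): PDC, a good BDC copy, a stray BDC.
demo=$(mktemp -d)
echo 'S-1-5-21-1111111111-2222222222-3333333333' > "$demo/pdc.sid"
cp "$demo/pdc.sid" "$demo/bdc.sid"
echo 'S-1-5-21-4444444444-5555555555-6666666666' > "$demo/bdc2.sid"
check_sids "$demo/pdc.sid" "$demo/bdc.sid" && echo "pdc/bdc: same SID"
check_sids "$demo/pdc.sid" "$demo/bdc2.sid" || echo "pdc/bdc2: rejected"
```

Run it against the MACHINE.SID copies staged for each controller before samba is started for the first time; a non-zero status means workstations joined through one controller would not be accepted by the other.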