Jeff McWilliams
2004-Jul-22 05:03 UTC
[Samba] With a Samba 3 PDC, can I promote a Samba BDC to become new PDC?
I'm helping out a small office upgrade their NT 4 PDC to Samba. It's a small office of 6 people, so tdbsam is being used. They keep having tape backup issues and other problems, so one of the reasons for the Samba migration is to allow me to SSH into their box and remotely administer it from home on evenings/weekends.

Currently I'm testing the move using two dummy machines, and some Windows 2000 clients running under VMWare.

Following the Samba Guide, my plan was as follows:

Existing Windows NT machine is called DellDC.
Temporary machine is called TempDC

1. Create a Linux based, Samba BDC named TempDC that joins the NT domain, then following the instructions in chapters 5 and 8 of the Samba-Guide, vampire the accounts database off of DellDC and promote TempDC to a PDC.

2. Shut down DellDC, and reload with Linux, configuring Samba as a BDC. Following the same approach, re-join DellDC to NT domain as a BDC, and using net rpc vampire, vampire accounts database off of TempDC and promote DellDC to PDC.

3. Shut down TempDC for good.

In my simulation environment, I created a similar set of machines. One is NT 4.0 server and the other is Debian Linux (testing, sarge) with the latest Samba 3.0.4. My samba configuration files are almost exactly as shown in the Samba-Guide with the exception of printer shares and the fictional shared folders.

Step 1 goes fine. I was able to join TempDC to the domain hosted by NT4 on DellDC, vampire the accounts off of DellDC, and promote TempDC to Primary DC status. After this I turned off DellDC and reloaded it with Debian Linux and Samba.

Step 2 fails. I reload DellDC with Linux, and successfully join the domain. Groupmaps are successfully created as directed in the guide, as before. I even made sure /etc/passwd and /etc/group are the same on both the Linux PDC and the Linux BDC that I'm trying to promote. However, 'net rpc vampire' fails.

The output is:

    DellDC:/etc/samba# net rpc vampire -S TempDC
    Fetching DOMAIN database
    Failed to fetch domain database: NT_STATUS_UNSUCCESSFUL

Is there another approach or did I configure something incorrectly? Given a successfully running Samba 3.0 PDC using tdbsam, how can I migrate the PDC responsibilities from the existing Linux box to another?

I'd imagine this scenario comes up often as people upgrade server hardware on PDCs without losing all the existing domain settings.

Can anyone help me?

Many thanks,

Jeff McWilliams

--
Jeff McWilliams: Jeff.McWilliams@clanmcwilliams.org
Eric J Bennett
2004-Jul-22 05:13 UTC
[Samba] With a Samba 3 PDC, can I promote a Samba BDC to become new PDC?
I'm trying to do the exact same thing out here. It's tricky, even after reading the manual rather thoroughly. I got to the stage where we vampire'd over all the account info successfully, but the vampire didn't copy the password information for the machine accounts, and thus people cannot log on.

I've posted to this list about it a couple of times before, but no one has answered. I don't know if this is just an accepted bug or I'm screwing something up. Still trying to hack through the smbldap-useradd script in the machine adding section, which is my best guess as to where the actual problem is.

Cheers
Eric

Jeff McWilliams wrote:
| I'm helping out a small office upgrade their NT 4 PDC to Samba. It's a small
| office of 6 people, so tdbsam is being used. They keep having tape backup
| issues and other problems, so one of the reasons for the Samba migration is
| to allow me to SSH into their box and remotely administer it from home on
| evenings/weekends.
|
| Currently I'm testing the move using two dummy machines, and some Windows 2000
| clients running under VMWare.
|
| Following the Samba Guide, my plan was as follows:
|
| Existing Windows NT machine is called DellDC.
| Temporary machine is called TempDC
|
| 1. Create a Linux based, Samba BDC named TempDC that joins the NT domain, then
| following the instructions in chapters 5 and 8 of the Samba-Guide, vampire the
| accounts database off of DellDC and promote TempDC to a PDC.
|
| 2. Shut down DellDC, and reload with Linux, configuring Samba as a BDC.
| Following the same approach, re-join DellDC to NT domain as a BDC, and using
| net rpc vampire, vampire accounts database off of TempDC and promote DellDC to
| PDC.
|
| 3. Shut down TempDC for good.
|
| In my simulation environment, I created a similar set of machines. One is NT
| 4.0 server and the other is Debian Linux (testing, sarge) with the latest
| Samba 3.0.4. My samba configuration files are almost exactly as shown in the
| Samba-Guide with the exception of printer shares and the fictional shared
| folders.
|
| Step 1 goes fine. I was able to join TempDC to the domain hosted by NT4 on
| DellDC, vampire the accounts off of DellDC, and promote TempDC to Primary DC
| status. After this I turned off DellDC and reloaded it with Debian Linux and
| Samba.
|
| Step 2 fails. I reload DellDC with Linux, and successfully join the domain.
| Groupmaps are successfully created as directed in the guide, as before. I even
| made sure /etc/passwd and /etc/group are the same on both the Linux PDC and the
| Linux BDC that I'm trying to promote. However, 'net rpc vampire' fails.
|
| The output is:
| DellDC:/etc/samba# net rpc vampire -S TempDC
| Fetching DOMAIN database
| Failed to fetch domain database: NT_STATUS_UNSUCCESSFUL
|
| Is there another approach or did I configure something incorrectly? Given a
| successfully running Samba 3.0 PDC using tdbsam, how can I migrate the PDC
| responsibilities from the existing Linux box to another?
|
| I'd imagine this scenario comes up often as people upgrade server
| hardware on PDCs without losing all the existing domain settings.
|
| Can anyone help me?
|
| Many thanks,
|
| Jeff McWilliams