Michael Deutschmann
2010-Jun-16 00:50 UTC
[Samba] Transferring PDC responsibility without LDAP
I'm using a NT4-style domain on my home network, with Samba 3.5.3 acting as PDC. I would like to transfer PDC responsibility to a different GNU/Linux machine so I can retire the original PDC.

With Windows DCs, I understand this is simple -- just create a BDC, promote it, and remove the old. However, an analogous approach would be problematic here, because in Samba going from one DC to two is a massive increase in complexity. (Because of the LDAP requirements.)

I suspect it might work, in this case, to do what the HOWTO expressly forbids, which is to invoke "net rpc getsid" without configuring LDAP. If I shut down the old server before starting smbd on the new, I should avoid the synchronization risk.

The sequence would be:

1. Create configuration file on new PDC broadly similar to the old.
2. Clear out any lingering .tdb files on the new PDC from past test runs of smbd there as an isolated server. (smbd is not running at this point.)
3. Run net rpc getsid on the new PDC.
4. Make sure all clients are logged out.
5. Shut down smbd/nmbd on the old PDC, hopefully for good.
6. Copy old PDC's profile directories and passdb.tdb to the new PDC.
7. Use pdbedit to update the profile directory location for each user.
8. Start smbd/nmbd on the new PDC.
9. Start logging in from clients again.

Thoughts?

----
Michael Deutschmann <michael at talamasca.ocis.net>
Gaiseric Vandal
2010-Jun-16 03:24 UTC
[Samba] Transferring PDC responsibility without LDAP
Is the new machine going to have the same IP address and machine name? I would think that in that case you should be able to copy the configuration files, profile directories, private and locks directories over to the new machine. You could copy all the samba stuff over to the new machine, take the old machine off the network, change the host name and IP of the new machine to that of the old machine and start samba back up.
Michael Deutschmann
2010-Jul-05 22:42 UTC
[Samba] Transferring PDC responsibility without LDAP
On Sat, 19 Jun 2010, I wrote:
> Can anyone answer my original question, which is whether my original
> strategy (use "net rpc getsid" without LDAP, but stop old PDC forever
> before starting the new one) is sound?

After no one answered, last week I decided to just try it and see. Except for the fact I needed to add a "-S" option to the getsid command to make it work, it seems to be holding up fine.

----
Michael Deutschmann <michael at talamasca.ocis.net>
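Two checks a practitioner would want around steps 3 and 7 of the original post, added here as an example and not code from the thread: confirm that the SID the new PDC holds after `net rpc getsid -S` is identical to the old PDC's (`net getdomainsid` on each host), and generate the `pdbedit -p` commands for re-pointing profile paths so they can be reviewed before running. The server name NEWPDC, the SID and the account listing below are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Samba's `net` and `pdbedit`
# are on PATH on both hosts; nothing here executes them, the SID lines and
# the `pdbedit -L` listing are pasted in (constructed samples at the bottom).

# Extract the S-1-5-21-... value from a `net getdomainsid` output line.
sid_from_output() {
    printf '%s\n' "$1" | sed -n 's/.*\(S-1-5-21-[0-9-]*\).*/\1/p'
}

# 0 when both SIDs are identical. A mismatch means clients will see a new
# domain: existing machine trust accounts and profile ownership stop mapping.
sids_match() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Print (do not run) the pdbedit command that re-points one user's roaming
# profile at a share on the new server (step 7 of the original post).
profile_update_cmd() {
    user=$1; newserver=$2
    path="\\\\${newserver}\\profiles\\${user}"   # \\NEWPDC\profiles\user
    printf "pdbedit -u %s -p '%s'\n" "$user" "$path"
}

# One command per account in `pdbedit -L` output (user:uid:fullname).
# Machine trust accounts (names ending in $) are skipped: no roaming profile.
profile_update_cmds() {
    listing=$1; newserver=$2
    printf '%s\n' "$listing" | while IFS=: read -r user _rest; do
        case $user in
            ''|*'$') continue ;;
        esac
        profile_update_cmd "$user" "$newserver"
    done
}

# Stand-alone run on constructed sample data.
OLD_SID_LINE="SID for domain TALAMASCA is: S-1-5-21-1111111111-2222222222-3333333333"
NEW_SID_LINE="SID for domain TALAMASCA is: S-1-5-21-1111111111-2222222222-3333333333"
old_sid=$(sid_from_output "$OLD_SID_LINE")
new_sid=$(sid_from_output "$NEW_SID_LINE")
if sids_match "$old_sid" "$new_sid"; then
    echo "SID check OK: $new_sid"
else
    echo "SID MISMATCH: old=$old_sid new=$new_sid (do not cut over)" >&2
fi
profile_update_cmds "alice:1000:Alice
bob:1001:Bob
WS1\$:1002:WS1" NEWPDC
```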