I found a way to change the AD for winbind without rebooting on Debian
and Gentoo, however I wonder if this is a bug.
First I stop smbd, nmbd, winbindd if they are running.
Then I remove some files.
On Debian, I removed:
/var/run/samba/smb_krb5/krb5.conf.MS
/var/run/samba/gencache.tdb
On Gentoo, I removed:
/var/cache/samba/smb_krb5/krb5.conf.MS
/var/cache/samba/gencache.tdb
Finally I restart winbindd, and consistently see my change using:
lsof -i tcp -nP |grep winbindd
Shouldn't a config change and winbindd process restart be enough?
I would like to know more about what is really going on here.
On Wed, 2010-11-10 at 08:43 -0800, John Stile wrote:
> The IT department is phasing in new Active Directory servers, during
> work hours, and I need to get all my systems using winbind for
> authentication to switch to the new servers, and hopefully without a
> reboot.
>
> I tried to redirect a machine currently authenticating via the current
> AD to the new AD, but even after restarting all the winbind, smbd, nmbd
> processes, I see it still pointing to the old AD.
>
> After rebooting, it points to the new server.
>
> Trying to fool samba by adding a line to /etc/hosts didn't work either.
>
> Is there a slick non-reboot method?
>
> -----BEFORE CHANGE----
> krb5.conf contains:
> [realms]
> MY.DOMAIN.COM = {
> kdc = 192.168.0.1
> admin_server = 192.168.0.1
> default_domain = my.domain.com
> }
> smb.conf contains:
> security = ADS
> password server = ad1.my.domain.com
>
> ----AFTER CHANGE----
> [realms]
> MY.DOMAIN.COM = {
> kdc = 192.168.0.2
> admin_server = 192.168.0.2
> default_domain = my.domain.com
> }
> smb.conf contains:
> security = ADS
> password server = ad2.my.domain.com
>
>
> The way I know the system is pointing to the old ad server is by doing
> wbinfo -g
> followed by
> lsof -i tcp -nP |grep winbind
>
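A check for the symptom described in this thread, as an added example that is not part of the original posts: it compares the `kdc` entries in krb5.conf with the servers winbindd holds established TCP connections to, using the same `lsof -i tcp -nP` output. The function names, the lsof sample lines and the client address 192.168.0.50 are constructed for illustration.

```shell
# Sample data is constructed; the krb5.conf text follows the post's AFTER CHANGE block.

# Print each "kdc = <host>" value found in krb5.conf-style text on stdin.
configured_kdcs() {
    sed -n 's/^[[:space:]]*kdc[[:space:]]*=[[:space:]]*\([^[:space:]:]*\).*$/\1/p' | sort -u
}

# Print the remote address of each established winbindd TCP connection,
# given `lsof -i tcp -nP` output on stdin.
winbindd_peers() {
    awk '$1 ~ /^winbind/ && $NF == "(ESTABLISHED)" {
        if (split($(NF-1), ends, "->") == 2) { sub(/:[0-9]+$/, "", ends[2]); print ends[2] }
    }' | sort -u
}

# $1 = newline-separated KDC list; lsof output on stdin.
# Prints peers that are not configured KDCs and returns 1 if there are any.
stale_peers() {
    found=0
    for peer in $(winbindd_peers); do
        if ! printf '%s\n' "$1" | grep -qxF -- "$peer"; then
            printf '%s\n' "$peer"
            found=1
        fi
    done
    return $found
}

krb5_sample() {
    cat <<'EOF'
[realms]
MY.DOMAIN.COM = {
kdc = 192.168.0.2
admin_server = 192.168.0.2
}
EOF
}

lsof_sample() {   # constructed: winbindd still connected to the old server
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
winbindd 2301 root   22u  IPv4  18234      0t0  TCP 192.168.0.50:41852->192.168.0.1:445 (ESTABLISHED)
winbindd 2301 root   23u  IPv4  18240      0t0  TCP 192.168.0.50:41853->192.168.0.1:389 (ESTABLISHED)
EOF
}

lsof_sample | stale_peers "$(krb5_sample | configured_kdcs)" \
    || echo "winbindd is connected to a server that krb5.conf does not list"
```

On a live system the equivalent call is `lsof -i tcp -nP | stale_peers "$(configured_kdcs < /etc/krb5.conf)"`, run after `wbinfo -g` has made winbindd contact the domain controller.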