[Samba] With a Samba 3 PDC, can I promote a Samba BDC to become new PDC?

Jeff McWilliams

Jul 22, 2004, 1:10:06 AM
I'm helping out a small office upgrade their NT 4 PDC to Samba. It's a small
office of 6 people, so tdbsam is being used. They keep having tape backup
issues and other problems, so one of the reasons for the Samba migration is to
allow me to SSH into their box and remotely administer it from home on
evenings/weekends.

Currently I'm testing the move using two dummy machines, and some Windows 2000
clients running under VMWare.

Following the Samba Guide, my plan was as follows:

Existing Windows NT machine is called DellDC.
Temporary machine is called TempDC

1. Create a Linux based, Samba BDC named TempDC that joins the NT domain, then
following the instructions in chapters 5 and 8 of the Samba-Guide, vampire the
accounts database off of DellDC and promote TempDC to a PDC.

2. Shut down DellDC, and reload with Linux, configuring Samba as a BDC.
Following the same approach, re-join DellDC to NT domain as a BDC, and using
net rpc vampire, vampire accounts database off of TempDC and promote DellDC to
PDC.

3. Shut down TempDC for good.


In my simulation environment, I created a similar set of machines. One is NT
4.0 server and the other is Debian Linux (testing, sarge) with the latest Samba
3.0.4. My samba configuration files are almost exactly as shown in the
Samba-Guide with the exception of printer shares and the fictional shared
folders.

Step 1 goes fine. I was able to join TempDC to the domain hosted by NT4 on
DellDC, vampire the accounts off of DellDC, and promote TempDC to Primary DC
status. After this I turned off DellDC and reloaded it with Debian Linux and
Samba.

Step 2 fails. I reload DellDC with Linux, and successfully join the domain.
Groupmaps are successfully created as directed in the guide, as before. I even
made sure /etc/passwd and /etc/group are the same on both the Linux PDC and the
Linux BDC that I'm trying to promote. However, 'net rpc vampire' fails.

The output is:
DellDC:/etc/samba# net rpc vampire -S TempDC
Fetching DOMAIN database
Failed to fetch domain database: NT_STATUS_UNSUCCESSFUL


Is there another approach or did I configure something incorrectly? Given a
successfully running Samba 3.0 PDC using tdbsam, how can I migrate the PDC
responsibilities from the existing Linux box to another?

I'd imagine this scenario comes up often as people upgrade server
hardware on PDCs without losing all the existing domain settings.

Can anyone help me?

Many thanks,

Jeff McWilliams

--
Jeff McWilliams: Jeff.Mc...@clanmcwilliams.org


Eric J Bennett

Jul 22, 2004, 1:20:05 AM

I'm trying to do the exact same thing out here, it's tricky, even after
reading the manual rather thoroughly, I got to the stage where we
vampire'd over all the account info successfully, but the vampire didn't
copy the password information for the machine accounts, and thus people
cannot log on.

I've posted to this list about it a couple of times before, but no one
has answered, I don't know if this is just an accepted bug or I'm
screwing something up, still trying to hack through the smbldap-useradd
script in the machine adding section, which is my best guess as to where
the actual problem is.

Cheers

Eric


John H Terpstra

Jul 22, 2004, 1:40:06 AM
On Wednesday 21 July 2004 23:21, Eric J Bennett wrote:
> I'm trying to do the exact same thing out here, it's tricky, even after
> reading the manual rather thoroughly, I got to the stage where we
> vampire'd over all the account info successfully, but the vampire didn't
> copy the password information for the machine accounts, and thus people
> cannot log on.

We are aware of this problem. It does not affect every site but on those that
it does the problem is significant. I'm sorry to say that we do not have a
solution at this time. It would help if you can capture the entire process
using ethereal as well as a level 10 debug trace of the activity and then
post a bug report on bugzilla.samba.org. So far we have not been able to
capture sufficient information to catch what is glitching.

Andrew Bartlett may be able to comment when he sees the debug info.

- John T.

--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.

Eric J Bennett

Jul 22, 2004, 3:10:08 AM

I'd be happy to do so, it may take me a while to obfuscate the password
hashes suitably and stuff, but perhaps end of day tomorrow I could have
it done, I'll post diag info on bugzilla when it's all set.

Regards

Eric
