On Mon, 3 Feb 2003, Tom Alsberg wrote:

> > When smbd starts (and this includes at least 2.2.3, I believe, and beyond
> > to 3.0.x), it checks to see if there is a SID in the secrets file with the
> > key SECRET/SID/<UCNBNAME> where UCNBNAME is the uppercase NetBIOS name.
>
> You mean - the uppercase NetBIOS name of the server (where smbd runs)
> - right?

Yup

> > If one does not exist, it will create a new random SID, set the machine
> > SID to that, and then set the domain SID to that! If the SID changes, even
> > if you have preserved the trust accounts and their current passwords,
> > Windows will complain that the SID is inconsistent with what it had when
> > it joined.
>
> OK. But if I copy the SID file[s]?

If you copy the secrets file, you still need to make sure smbd runs with the
same NetBIOS name.

> > The SID for the old machine name is still in the secrets file, and you can
> > use tdbdump to find the keys, and thus the old machine name if you need
> > to.
>
> What do you mean by 'old machine name'? I most probably know the name
> of the machine which was previously acting as the server.

Yup.

> >
> > This is relevant to your questions below.
> >
> > > The question is - if any of you had experience, or theoretical facts
> > > and ideas of - would this work? For users who only use it as a file
> > > and print server, it most probably would. But as a domain controller
> > > - the clients remember a few things, and the server remembers a few
> > > things.
> > >
> > > The SID and secrets files should probably be copied... But then,
> > > should clients who are already in the domain be able to continue using
> > > it, without leaving and re-joining it?
> >
> > You probably only really need the secrets file and the smbpasswd or
> > whatever passwd database you are using for Windows accounts.
>
> OK... That's not a problem to preserve, I assume...

Correct.

> >
> > If the NetBIOS name changes, you have a couple of choices, as outlined at
> > www.richardsharpe.com.
>
> Well, I took a look at some of the information there... Useful
> advice...
> But anyway, I was speaking of the NetBIOS name not changing (nmbd will
> run with the -n flag to have the same NetBIOS name, no matter on what
> machine it is running).

That is good.

> > As soon as Samba 2.2.8 ships you will retrieve the old SID and
> > re-establish that as the machine SID for your Samba server and the
> > domain SID. You can already do that with the net command for Samba
> > 3.0.x.
>
> I didn't know Samba 3 had a net command... I'll look after it.
>
> Anyway, so now, after all - could you say - would it work?
> If I kill Samba on one machine, start it on another machine, with nmbd
> getting the same -n flag, and about the same configuration, and I copy
> the secret files - will log-ons to the domain (from machines that have
> already joined in the past) work without re-joining it? Would there
> be any other problem?

I expect you will be fine. However, I have not tried that.

> As I understand from your message, there should not be any problem.
> Is this right?

I think you will be OK. Let us know :-)

Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com
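
The pre-move check discussed in the thread above, as an added example that is not part of the original messages: it reads `tdbdump` output for the secrets file, lists which NetBIOS names have a stored SID, and returns the SID smbd would reuse for a given name. The dump layout, the 68-byte SID encoding with little-endian sub-authorities, the helper names and the sample records are assumptions constructed for illustration.

```python
import re
import struct

# Key prefix as written in the thread; "SECRETS/SID/" is accepted too (assumption).
KEY_RE = re.compile(
    r'key\(\d+\) = "SECRETS?/SID/([^"\\]+)(?:\\00)?"\s*data\(\d+\) = "([^"]*)"')

def unescape(text):
    """Undo the assumed tdbdump escaping: \\XX is one byte in hex, other chars are literal."""
    raw = text.encode("latin-1")
    return re.sub(rb"\\([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), raw)

def sid_to_string(blob):
    """Assumed layout: revision, sub-authority count, 6-byte authority, uint32 sub-authorities."""
    rev, count = blob[0], blob[1]
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack("<%dI" % count, blob[8:8 + 4 * count])
    return "-".join(["S", str(rev), str(authority)] + [str(s) for s in subs])

def sids_by_name(dump_text):
    """Map each NetBIOS name that has a SID key to its decoded SID string."""
    return {name: sid_to_string(unescape(data)) for name, data in KEY_RE.findall(dump_text)}

def sid_for_server(dump_text, netbios_name):
    """SID stored for this name, or None, in which case smbd would create a new random SID."""
    return sids_by_name(dump_text).get(netbios_name.upper())

# Constructed sample records (not taken from a real secrets file).
_HDR = r"\01\04\00\00\00\00\00\05\15\00\00\00"   # S-1-5-21-...
_PAD = r"\00" * 44                                # unused sub-authority slots

def _record(name, subs):
    return '{\nkey(%d) = "SECRET/SID/%s"\ndata(68) = "%s"\n}\n' % (
        11 + len(name), name, _HDR + subs + _PAD)

SAMPLE_DUMP = (_record("FILESRV", r"\E8\03\00\00\D0\07\00\00\B8\0B\00\00")
               + _record("TESTBOX", r"A\00\00\00B\00\00\00C\00\00\00"))

if __name__ == "__main__":
    for name in ("filesrv", "testbox", "newname"):
        print(name, "->", sid_for_server(SAMPLE_DUMP, name) or "no stored SID")
```

Running it against the dump of the copied secrets file, with the name passed to `nmbd -n`, shows whether the new host will pick up the existing SID or generate a fresh one.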
