On Wed, 2002-11-20 at 22:53, Ronan Waide wrote: > On November 20, [EMAIL PROTECTED] said: > > It should work, once you get the SIDs right, for users at least > > (assuming ldap or rsynced smbpasswd). Other things are harder to get > > synced across correctly. > > > > There is some (slightly out date) documentation in the source disto. > > I'm fighting with this at the moment. net rpc vampire isn't documented > in the source distro (that I can find, anyway) but for anyone else > playing with it, it does take a bit of fiddling to make it work. I > presume there's a way to make all this work without creating Unix > accounts (LDAP or winbindd) but since I'm trying not to go too far out > on a limb, I will note that the use-unix-accounts option requires you > to have working "add machine", "add user", and "add group" scripts. It > will fail non-obviously if you don't have these (for example, it > claims to be creating the groups, but doesn't do so, because you've > not defined the script - this had me stumped for a while).
If you want to contribute some doco or simply a discussion of what you did and how you did it, it would be most appreciated. You must use the 'add user' scripts etc - because we don't automatically create these users, and we don't allow users without a unix id to be represented. I might add some more LDAP magic toward this, but that's how it is for now. > The question I'd have, since it's pertinent to what I'm trying to do: > Is it possible to "net rpc vampire" a PDC, then promote Samba to the > PDC and demote the Windows box to the BDC? I don't care if syncing > doesn't work after I've done that, I just need to be able to force > every machine in the domain to recognise that the PDC is, er, not the > PDC any more, but I can't take the PDC out of the domain entirely > because there are other things running on it. You can't demote to BDC - it will try and sync the passwords, and that will fail badly. However, if demoted all the way to domain member, it should work. -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
