Hi Gaiseric.

Thanks for your input.

Gaiseric Vandal wrote:
RVNET\A and RVNET2\A will be completely separate users. But unless the
SID is stored within one of the files itself I would think it would be just a
matter of changing the file permissions on the profile as you described.

Yes, the fact that they are separate users is clear (and requires the usage of chown here and there on the server). However, are there any common situations when the SID is stored somewhere and could make trouble after shutting the old server down?

The Windows 2003 Res Kit tools include a "moveuser" command that may help
with the profile. Once upon a time I converted some machines from a
Workgroup to a Domain model. Previously, each computer had a local account
for the primary user (and the server had to have an account for all the
users). The moveuser command let me reallocate a "PC1/user1" profile to
"DOMAIN/user1", although they were local profiles and not roaming.

I had a look at the tool some days ago, but it required Win 2003 and didn't install on my machine.

You would have to test this out with a test machine and account to be sure.

Definitely.

The other alternative would be to configure the new machine as BDC for the
existing domain (since you already have the LDAP infrastructure in place),
then at some point reverse the PDC and BDC roles. The LDAP server would
still be on the old server. Once you dropped the old DC you could probably
use pdbedit -E and pdbedit -I to dump the account data back to TDB.

I think I'll go with the "manual copy" but thanks for the hint.

This may also be a time to look at moving to Samba 3.2 or 3.4 (maybe on
Fedora) if you expect to support Win 7 machines.

Thanks for reminding me, the first Windows 7 systems will be in the network soon. I just upgraded to 3.4.3 using the sernet rpms and it seems to work fine.

Yours,
Dominik



-----Original Message-----
From: [email protected] [mailto:[email protected]]
On Behalf Of Dominik Rau
Sent: Tuesday, November 24, 2009 5:25 PM
To: [email protected]
Subject: [Samba] Moving a PDC

Hi list.

We're running a Debian Etch server with Samba 3.0.24 as primary domain controller for an XP-dominated network. For various reasons, we're migrating our server to a new machine running on CentOS 5.4 (and Samba 3.0.33). Additionally, I decided to get rid of our messy LDAP setup, as it is quite a pain to use and IMHO overkill for our small software shop (~15 machines / users), so I've set up the new system to work with tdbsam instead.

So basically, we currently got two fully working domain controllers in our network, one serving RVNET (old) and the other RVNET2 (new), RVNET with an LDAP backend and users A, B, C... and the new RVNET2 with equally named "plain" Linux/Samba users A, B, C. Adding new users to the new domain works fine, adding new machines and storing profiles too.

Now the question is: How do I move the profiles from the old machine to the new one correctly? And how can I convince Windows XP to ignore the fact that user RVNET\A is now user RVNET2\A? My naive approach would be...

* Make sure all users store their profiles on the server and log off.
* Copy the contents of /samba/profiles from old to new machine and adjust user rights properly to local system users.
* Get in front of every machine, login as local administrator, move the old Documents and Settings\A directory out of the way (not deleting, just to be sure)
* Leave the old and join the new domain, reboot.
* Logon as RVNET2\A, fetching my "old" profile from the server and go on doing my work as in the old domain.

The fact that I might have to reset rights on the new machine (e.g. user RVNET2\A might have administrator rights on a particular machine) and that my users must play with their home directories is not a big issue in our small environment and acceptable. The big advantage in my opinion would be that I can move one machine/user after another and it involves only tools that I know.

However, I googled quite a lot the last few days and found many posts etc. about wrong SIDs in the registry, NTUSER.dat, getting in and out of a domain, various Windows tools for related tasks, but either it didn't match my situation or the tools didn't work on my system, were too expensive, overkill etc. ...

So, the bottom line of all this: Does my approach work? Is it ok to do what I just described (considering the fact that I accept to do some administrative work on every machine)? If not, what else to consider / change?

Thanks a lot for your time,
Dominik
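
On the question raised in this thread of whether the old domain's SID is stored inside copied profile files such as NTUSER.DAT: the following is an added example, not part of the original messages or of Samba. It searches a file for binary account SIDs belonging to a given domain SID; the SID values and sample bytes are constructed placeholders, and the script assumes the old domain SID is passed in its textual S-1-5-21-... form.

```python
import struct
import sys

def domain_sid_body(sid: str) -> bytes:
    """Authority + sub-authorities of a textual SID in on-disk binary form."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or parts[1] != "1":
        raise ValueError(f"not a revision-1 SID: {sid!r}")
    # 48-bit big-endian authority, then 32-bit little-endian sub-authorities
    return int(parts[2]).to_bytes(6, "big") + b"".join(
        struct.pack("<I", int(p)) for p in parts[3:])

def account_sid_bytes(domain_sid: str, rid: int) -> bytes:
    """Binary SID of the account `rid` inside `domain_sid`."""
    body = domain_sid_body(domain_sid)
    count = (len(body) - 6) // 4 + 1          # domain sub-authorities + RID
    return bytes([1, count]) + body + struct.pack("<I", rid)

def find_domain_sids(data: bytes, domain_sid: str):
    """Return [(offset, rid)] for every account SID of domain_sid in data."""
    needle = account_sid_bytes(domain_sid, 0)[:-4]   # everything except the RID
    hits, pos = [], data.find(needle)
    while pos != -1:
        rid_off = pos + len(needle)
        if rid_off + 4 <= len(data):
            hits.append((pos, struct.unpack_from("<I", data, rid_off)[0]))
        pos = data.find(needle, pos + 1)
    return hits

# Constructed sample: two SIDs of the old domain and one of another domain.
OLD_DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"   # placeholder value
NEW_DOMAIN = "S-1-5-21-4000000001-4000000002-4000000003"   # placeholder value
SAMPLE = (b"\x00" * 8 + account_sid_bytes(OLD_DOMAIN, 1001) + b"pad!"
          + account_sid_bytes(NEW_DOMAIN, 1001)
          + account_sid_bytes(OLD_DOMAIN, 3002))

if __name__ == "__main__":
    # usage: script.py <old-domain-SID> <file> [<file> ...]
    if len(sys.argv) >= 3:
        for path in sys.argv[2:]:
            with open(path, "rb") as fh:
                for off, rid in find_domain_sids(fh.read(), sys.argv[1]):
                    print(f"{path}: offset {off:#x} RID {rid}")
    else:
        print(find_domain_sids(SAMPLE, OLD_DOMAIN))
```

Each hit is a place where the file still names an account of the old domain by SID, so the matching RVNET2 user would not be recognised there until that entry is rewritten.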

