On Fri, 2005-11-11 at 07:46 -0500, Pablo Chamorro C. wrote:
> >> Somebody of you know if this process can be made transparently without
> >> rejoin every PC to the domain? how?. We have disabled the roaming profiles
> >> option. We have some 100 clients/users.
> >
> > ----
> > Nowhere do you say what type of system is currently the PDC and that
> > probably matters.
>
> Is a samba 3.0.5-2 one under RH 9.0. This domain was built from scratch,
> without any NT to Samba migration. Now we are changing the local
> authentication for one based on openldap.
>
> The person who is leading the migration says that when a windows machine
> is joined a password in the field "sambaNTPassword" is created and the
> rejoin process is required in order to register that password in openldap.
> That's what I understand.
>
> But, e.g. we have another PDC with FC4 and samba 3.0.15, so the question
> was in general, but if there is a specific answer it is worthful for us.
>
> I tried to post this query to the openldap list but the administrator
> classified my email as 'off topic'!
----
Actually, the passdb you use is not of consequence to this issue.

A machine account on a Windows domain is somewhat like a user account in
that there is an SID and a password that are readily understood by both
the machine joined to the domain and the domain controller(s). That
password is going to be stored on the domain controller in whichever
form of passdb a samba DC is using.

Each domain would necessarily have a different SID and that SID affects
all systems and users. If you have 2 domains and a number of Windows
computers attached to both domains and you want to consolidate into one
domain, there really is little choice but to join the Windows computers
to the one remaining domain as there is no simpler way to change the SID
of the machine to the other.

If you have user profiles that need to be saved/migrated from one domain
to the other, see the samba documentation for a comprehensive discussion
on migrating user profiles.

Thus, this never was an LDAP question but if you are talking about the
openldap mail list, they are very provincial that the discussions on
that list are specifically about their software and not about
integration. If you want mailing lists where ldap integration is
appropriate, you might want to check [email protected] [1] and
ldap-interop [2]

Craig

[1] LDAP UMICH
http://listserver.itd.umich.edu/cgi-bin/lyris.pl?enter=ldap&text_mode=0%20

[2] LDAP-interop mailing list [EMAIL PROTECTED]
http://lists.fini.net/mailman/listinfo/ldap-interop
