
Re: [Samba] FW: LDAP getent issues




On Sun, 8 Apr 2018 10:39:41 +0000
Praveen Ghimire <PGhimire@xxxxxxxxxxxxxx> wrote:

> Hi Rowland,
> 
> If we need to shut the NT4 PDC down after the migration it makes a
> lot of sense to separate the roles of the existing NT4 PDC. Hence why
> we are adding a new Samba box with a view that it becomes the PDC and
> the existing PDC becomes a member server. The main reason is that it
> has a lot of files which cannot be moved easily.

There you go, I said don't refer to an AD DC as a PDC and the first
thing you do, call an AD DC a PDC.
A PDC and an AD DC are TOTALLY different things, what you have at the
moment is a PDC, what you will end up with, after the classicupgrade,
is an AD DC. If you then add another DC to the AD domain, you will not
have a PDC and a BDC, you will have TWO DCs. All DCs are equal EXCEPT
for the FSMO roles (there are 7 of these) and these can be shared out
amongst your DCs. You could have seven DCs, each holding a FSMO role
and whilst one of the roles is the 'PDC emulator role', NONE of the DCs
would be a PDC, they would all just be DCs.

> 
> So the question is with the new PDC we stick with TDB? Separate the
> roles, migrate to AD and shut the PDC down. Then join the member
> server to AD.
> 

Not a problem. I take it your users and groups have uidNumbers &
gidNumbers, so set up the old PDC as a Unix domain member using the
winbind 'ad' backend. 

Rowland
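
An added example, not part of Rowland's message: a minimal smb.conf `[global]` section for a Unix domain member that uses the winbind 'ad' backend he mentions. The domain name SAMDOM, the realm and both ID ranges are placeholder assumptions; the domain range has to contain the uidNumber and gidNumber values your users and groups already carry.

```ini
[global]
    # Placeholder names: replace with your own NetBIOS domain and Kerberos realm.
    workgroup = SAMDOM
    realm = SAMDOM.EXAMPLE.COM
    security = ADS

    # Default domain: BUILTIN and local accounts only, allocated locally.
    # This range must not overlap the domain range below.
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999

    # The AD domain: winbind reads uidNumber/gidNumber (RFC2307 attributes)
    # from AD instead of allocating IDs itself.
    idmap config SAMDOM : backend = ad
    idmap config SAMDOM : schema_mode = rfc2307
    # Assumed range. Users or groups whose uidNumber/gidNumber falls outside
    # it are ignored by winbind and will not appear in getent output.
    idmap config SAMDOM : range = 10000-999999
```

With the 'ad' backend, a user who has no uidNumber, or whose primary group has no gidNumber inside the range, is not mapped, which is a common cause of accounts missing from `getent passwd`.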
