[K12OSN] Moving the primary LDAP/PDC functions

Craig White craig at tobyhouse.com
Fri Oct 12 23:17:53 UTC 2007


On Fri, 2007-10-12 at 19:06 -0400, David Hopkins wrote:
> I have been trying to figure out how to move the primary LDAP/PDC
> server to a system which only acts as the LDAP/SMB PDC.  My biggest
> concern is that I will have to rejoin all the Windows machines to the
> domain, and also have other DOMAIN related issues. 
> 
> What I have tried is to use the smbldap-installer scripts.  Since I am
> using CentOS5, the script doesn't quite work for installing the
> correct rpms. It uses the dag repositories. However, I removed the dag
> rpms and replaced them with rpmforge rpms for those packages.  At that
> point, I had all the required packages installed. Then, I used net
> getlocalsid on the existing LDAP/PDC to get the DOMAIN sid.  I then
> used net setlocalsid on the system that is to become the new PDC.
> Finally, I ran smbldap-configure to enter the rest of the information.
> In particular, I gave the new system the same DOMAIN information. 
> 
> I have run slapcat on the existing LDAP server with the intent of
> importing everything to the new server, but I have duplicate entries.
> If I delete the ldif entries from the slapcat'ed file that are the
> same as what the smbldap-installer script created and then slapadd
> what is left, this should leave me with a new system that can act as
> the new LDAP/SMB PDC.  I checked the DOMAIN ldif info and it looks the
> same.  I tested with one account, and I can log in on Linux with it.
> Without activating smb though, I can't verify the Windows login. 
> 
> So, before I do this, I wanted to ask the list if they see anything
> wrong with this approach, or is there a simpler approach?  For
> instance, I have a slave ldap server running as well.  Is it possible
> to just make the slave become the master, and also make it the PDC
> server as well?  In this case, moving the ldap/pdc is just creating a
> slave replica and promoting it. I haven't seen any notes on how to do
> this though. 
----
dag/rpmforge...
# rpm -q smbldap-tools
smbldap-tools-0.9.4-1.el5.rf

I would clean out whatever you have in abortive attempts of importing
and slapadd the whole enchilada from a slapcat on the current ldap
server...shouldn't be all that difficult. That would prevent having to
re-join Windows workstations.

I would think that the first thing to do would be to set up smb.conf on
the new system as a BDC (primary master = no), then join that system to
the domain...then slapcat, then slapadd on the new system, change
smb.conf on the new system and restart samba on the new system.

Obviously you have to set up smbldap-tools properly on the new system as
well.

-- 
Craig White <craig at tobyhouse.com>
