Bug 3263 - 'net rpc vampire' migrates machine accounts though they may be useless
Summary: 'net rpc vampire' migrates machine accounts though they may be useless
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Documentation (show other bugs)
Version: unspecified
Hardware: All All
: P3 minor (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba Documentation QA Contact~
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-11-15 05:40 UTC by Christoph Peus
Modified: 2020-12-11 12:18 UTC (History)
0 users

See Also:


Attachments
patch to make that clear (971 bytes, patch)
2014-06-13 12:23 UTC, Björn Jacke
vl: review+
obnox: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Christoph Peus 2005-11-15 05:40:58 UTC
When migrating from an Active Directory server - usually running in "mixed mode" - the maschine accounts are migrated too, though they are not usable afterwards, if the clients are Win2k/XP. Please add this information to the output of "net help rpc vampire" and add an "skip maschine accounts" option to net rpc vampire.
Thanks!

Christoph
Comment 1 Guenther Deschner 2006-01-12 07:34:41 UTC
What makes you think the machine accounts are useless afterwards?
Comment 2 Christoph Peus 2006-01-12 08:05:39 UTC
(In reply to comment #1)
> What makes you think the machine accounts are useless afterwards?

After the migration process you have to rejoin every client to the domain, which recreates the computer accounts, so the old computer accounts are useless. This is the result of a discussion on samba.general in november. Quote:

---
The "net rpc vampire" migration process will migrate all accounts from ADS to 
Samba-3 (NT4-style domain), but all machines will need to re-join the domain.

NT4 domain accounts can be migrated without need for domain members to be 
rejoined to the domain. The "net rpc vampire" is inherently an NT4-style 
migration process. 

Samba-3 is not capable of being an ADS server, hence the need for domain 
members to be re-joined to the domain.

(John H Terpstra)
---

Do you agree?
Comment 3 Björn Jacke 2014-06-13 12:23:29 UTC
Created attachment 10031 [details]
patch to make that clear
Comment 4 Björn Jacke 2014-07-01 09:55:57 UTC
Karo, can you review the patch and check in to master if okay for you?
Comment 5 Karolin Seeger 2014-07-07 07:43:45 UTC
(In reply to comment #4)
> Karo, can you review the patch and check in to master if okay for you?

I added a review request for Günther, because I am not sure.
Comment 6 Björn Jacke 2014-07-07 10:42:19 UTC
the patch is checked in to master now. Karo, it's up to you to cherry pick to release brnaches or just close the bug now...
Comment 7 Karolin Seeger 2014-07-13 18:10:08 UTC
(In reply to comment #6)
> the patch is checked in to master now. Karo, it's up to you to cherry pick to
> release brnaches or just close the bug now...

Pushed to autobuild-v-4-[0|1]-test.
Comment 8 Karolin Seeger 2014-07-17 18:30:57 UTC
(In reply to comment #7)
> (In reply to comment #6)
> > the patch is checked in to master now. Karo, it's up to you to cherry pick to
> > release brnaches or just close the bug now...
> 
> Pushed to autobuild-v-4-[0|1]-test.

Pushed to v4-[0|1]-test.
Closing out bug report.

Thanks!