[Samba] Three reasons for staying with Microsoft PDC's
Andrew Bartlett
abartlet at samba.org
Sat Jul 20 07:38:02 GMT 2002
Tim Allen wrote:
>
> There appear to be significant hurdles to migrating from a Microsoft to
> Samba PDC environment, something which I've been trying to do now for many
> months. The difficulties arise in moving users' accounts over to Samba:
>
> 1. Local profiles. It does not seem to be possible to move from an NT4 PDC
> to a Samba PDC while retaining local profiles. NT4/W2k machines consider
> logons to the Samba PDC to be new users, even when the Samba machine SID is
> the same as the NT4 SID, and machine accounts have been ported over using
> pwdump2.
Samba does not send back 'null' strings easily - if the passdb comes up
with 'null' it uses the default. Perhaps by setting 'logon path' etc to
"" it might help. Or it might not.
> OK, so let's try....
>
> 2. Roaming profiles. Although these work correctly with NT4 workstations,
> there remains an unresolved "Access Denied" problem on logons with W2k
> machines, whether or not "nt acl support = no" is present in the [profiles]
> section of smb.conf. Various postings on the lists from people having this
> problem but no solutions.
We will need a bit more detail to get anywhere on this.
> OK, bite the bullet and have every user start from a blank profile...
>
> 3. This results in various apps on the workstations choking because they now
> can't find registry keys.
>
> OK, re-install Windows on every workstation and all the apps. Alternatively
> forget about any of this, just keep the NT4 PDC running and enjoy a quiet
> life.
Samba's PDC support is not complete, and migration support is almost
completely lacking. This is a simple matter of developer time. Without
a commercial backer for Samba's PDC support, it is left to those with
free time to put at the issue.
For Samba HEAD, that's mostly me ATM - and others when they get time. We
have new developers starting on PDC stuff, but it takes time, and this
stuff is *complex*.
(Samba's file and print code had the support of companies like Quantum
and HP - and in particular their QA departments. Never underestimate
the power of a good QA department on a product).
> I've trawled the lists over the last few months trying to find answers to
> this dilemma, as well as positing questions (back to last December)
> specifically on 1, which for us is by far the simplest solution. No
> responses, well not recently, and I don't know whether that's because
>
> a. The answer's blindingly obvious to everyone else.
> b. Nobody does this kind of thing.
Only Samba HEAD has even a start of a solution on the RID issue, so it's
really a matter of 'we haven't done much here yet'. I hope this stuff
will improve.
> c. Nobody has a solution.
> d. It's impossible anyway.
We are working on it - slowly. :-)
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net