[Samba] Samba 2.2 -> 3.0.0 upgrade: questions + Internet
Connection Wizard / Identities
John H Terpstra
jht at samba.org
Fri Nov 7 19:07:21 GMT 2003
On Fri, 7 Nov 2003, Jeff Jones wrote:
> > Yes. You should have saved the Domain SID before migration, then restored
> > it on Samba-3 using the net utility. That way your clients would have been
> > quite happy.
>
>
> Ah, ok. Is there a document explaining how to save and restore the SID? I
> saved the contents of /etc/samba before performing the upgrade. Can I still
> extract the SID and restore it into my Samba 3? I still have some client
> boxes I haven't joined to the new domain.
The SID is stored in the secrets.tdb file. If your server name is the same
as it was on the 2.2.x configuration, then you can shutdown your samba,
save all /etc/samba files and the tdb files in the cache area, replace
secrets.tdb and smb.conf, start samba and then use the "net" utility to
get the SID. I know this is messy, but it saves the need to go back to the
old version. Of course, you will then need to stop samba and restore the
new files. Then you can change the SID using the "net" utility.
> Is there any other way, at this point, to allow my domain users write access
> to their identities / accounts without them being administrators? A way of
> moving forward with my new SID?
You can use the "profiles" tool to replace the old SID in the profiles
with the new domain SID.
> Why isn't Windows allowing the users access to their internet settings /
> identities, even though they're in the new domain and the users' profiles
> have been reloaded from the server? Is there any way to fix it?
Sorry. You'd need to provide more information on this. Best to debug what
is happening. I do not have time to help with that right now.
- John T.
>
> Thanks again,
> Jeff
>
>
> ----- Original Message -----
> From: "John H Terpstra" <jht at samba.org>
> To: "Jeferee" <jeferee at hotmail.com>
> Cc: <samba at lists.samba.org>
> Sent: Friday, November 07, 2003 1:15 AM
> Subject: Re: [Samba] Samba 2.2 -> 3.0.0 upgrade: questions + Internet
> Connection Wizard / Identities
>
>
> > On Thu, 6 Nov 2003, Jeferee wrote:
> >
> > > Hello,
> > >
> > > I just upgraded from Samba 2.2.7 to Samba 3.0.0 on RedHat 9. I did this
> > > by uninstalling the 2.2.7 samba RPM's and then applying the Samba 3.0.0
> > > RPM from samba.org, then putting my local changes back into smb.conf.
> > > I have also migrated my smb users from smbpasswd to tdbsam with the
> > > pdbedit utility as discussed in the HOWTO.
> > >
> > > It seems I have to rejoin my client boxes (windows 2000 pro) to the
> > > domain in order to log in, and then I have to blow away my local users
> > > on each client machines to allow the roving profiles to be reloaded at
> > > login.
> > >
> > > Also, I have had to add the following to my smb.conf file to use tdbsam
> > > successfully.
> > >
> > > logon home = \\%L\%U
> > > logon path = \\%L\%U\profile
> > >
> > > I had to do this in order to get the correct string to come up in
> > > pdbedit -Lv for the "Home Directory" and "Profile Path" variables (the
> > > defaults cuased %N to show in place of the server name) - when I used
> > > 'smbpasswd' as the backend pdbedit -Lv showed proper values and things
> > > worked OK.
> > >
> > > I also had to mess around a bit with 'net groupmap' modify/list to get
> > > the standard Windows groups to map properly to UNIX groups, as discussed
> > > in the HOWTO. These seemed to work fine under 2.2.7.
> > >
> > > Everything seems to work OK now, except for the following problems.
> > > Can anyone tell me what I did wrong upgrading with respect to the
> > > following 3 issues:
> > >
> > > 1) I have to rejoin each client Windows 2000 box to the domain or logins
> > > fail (says the client is not in the domain) - did the machines' SIDs
> > > change for some reason? Server SID?
> >
> > Yes. You should have saved the Domain SID before migration, then restored
> > it on Samba-3 using the net utility. That way your clients would have been
> > quite happy.
> >
> > >
> > > 2) I have to blow away local roving profiles, then log in to get the
> > > roving profiles to reload from the server - error says the profile for
> > > that user already exists on the server, but has the 'wrong security'.
> > > Loads temp settings. SID problem?
> >
> > Correct. See comment for Q1.
> >
> > >
> > > 3) After rejoining and reloading, regular Domain Users do not have the
> > > ability to change their Internet Connection Settings - The "Internet
> > > Connection Wizard" icon recreates at each login, and when the user tries
> > > to access it, they get an access denied error. Changes to internet
> > > settings from IE are not recorded, and it complains about 'no
> > > identities'. The users are properly listed in the "Domain Users" group.
> > > If I put the user (or Domain Users) in the Admininistrator group on the
> > > client boxes, he successfully gets his previously set settings (home
> > > page, etc) at login.
> >
> > Yes. Correct.
> >
> > > Thank you, and great job on 3.0!
> >
> > Glad to hear that the documentation was useful. Want to send me any
> > updates for it?
> >
> > Cheers,
> > John T.
> > --
> > John H Terpstra
> > Email: jht at samba.org
> >
>
--
John H Terpstra
Email: jht at samba.org
More information about the samba
mailing list