[Samba] NT4 PDC Account transfer

Sohail Hasan samba at etilizepak.com
Thu Jan 22 13:59:43 GMT 2004 

Craig White wrote:

>On Wed, 2004-01-21 at 22:31, Sohail Hasan wrote:
>  
>
>>Beast wrote:
>>
>>    
>>
>>>* Sohail Hasan <samba at etilizepak.com> nulis:
>>>
>>> 
>>>
>>>      
>>>
>>>>Hi All,
>>>>
>>>>I am following the procedure given in Samba-HOWTO for the migration to 
>>>>samba from NT4 PDC,  however in the account transfer from the PDC step I 
>>>>am getting the following failure when running the command:
>>>>
>>>>net rpc vampire -S server -U administrator%passwd
>>>>
>>>>Could not retrieve domain trust secret
>>>>
>>>>Has anybody got any idea of what else is needed here.
>>>>   
>>>>
>>>>        
>>>>
>>>Did you join this samba (as bdc) before running rpc vampire?
>>>Did you set samba to have same SID as NT domain?
>>>
>>>net rpc getsid -S "NTname" -Uadministrator%passwd
>>>
>>>
>>>--beast
>>>
>>>      
>>>
>>Now when I run rpc vampire I get this:
>>
>>Fetching DOMAIN database
>>SAM_DELTA_DOMAIN_INFO not handled
>>Creating unix group: 'Domain Admins'
>>Creating unix group: 'Domain Users'
>>Creating unix group: 'Domain Guests'
>>Creating unix group: 'PROGRAMMER'
>>Creating unix group: 'Mohicans'
>>Creating unix group: 'NDA'
>>Creating account: Administrator
>>Could not create posix account info for 'Administrator'
>>Creating account: Guest
>>Could not create posix account info for 'Guest'
>>Creating account: testuser
>>Could not create posix account info for 'testuser'
>>[2004/01/22 10:08:04, 0] passdb/pdb_smbpasswd.c:build_smb_pass(1146)
>>  build_sam_pass: Failing attempt to store user with non-uid based user RID.
>>.
>>.
>>.
>>Could not create posix account info for 'lab1$'
>>Creating account: SABBASI$
>>Could not create posix account info for 'lab2$'
>>Creating account: SIDDIQUI$
>>Could not create posix account info for 'john$'
>>Creating account: MAMAN$
>>Could not create posix account info for 'peter$'
>>[2004/01/22 10:08:06, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(591)
>>  Could not find global group 512
>>[2004/01/22 10:08:06, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(591)
>>  Could not find global group 513
>>[2004/01/22 10:08:06, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(591)
>>  Could not find global group 514
>>.
>>.
>>.
>>Creating unix group: 'Debugger Users'
>>Fetching BUILTIN database
>>SAM_DELTA_DOMAIN_INFO not handled
>>Creating unix group: 'Account Operators'
>>Creating unix group: 'Administrators'
>>Creating unix group: 'Backup Operators'
>>Creating unix group: 'Guests'
>>Creating unix group: 'Print Operators'
>>Creating unix group: 'Replicator'
>>Creating unix group: 'Server Operators'
>>Creating unix group: 'Users'
>>
>>The question is that where has it created the users and groups because 
>>there are no new entries in /etc/passwd and /etc/group files. Do I need 
>>to run mapping between NT groups and UNIX before running "vampire" command.
>>    
>>
>---
>where is a very good question since you give us absolutely no clues as
>to the type of backend passdb you are using.
>
>Clearly, it's not properly set up to create users - if LDAP, you need to
>make that work first, get the SID, set it, put it into the
>smbldap_conf.pm file and fix that file to retain your users properly
>(also - you will need to check your nsswitch.conf and ldap.conf) and set
>your binddn password with the command smbpasswd -w BINDDN_PASSWORD
>
>If you are using some other backend passdb, you will need to follow
>those directions.
>
>Craig
>  
>
Craig,

What I want to do is to make use of the /etc/samba/smbpasswd and the 
traditional unix /etc/passwd for authentication. Now to narrow down the 
problem I am first trying to make the linux system as a working PDC. I 
performed all the necessary steps required for samba PDC like machine 
account creation, user account creation in both /etc/passwd and 
smbpasswd file, when I am trying to join the domain from the WIN2K 
system it is not successful, the WIN2K Is giving user account not 
correct and login credential erros and I am getting this in my log files:

  netbios connect: local=linbdc remote=shasan, name type = 0
[2004/01/22 18:38:01, 2] lib/access.c:check_access(324)
  Allowed connection from  (192.168.0.3)
[2004/01/22 18:38:01, 2] smbd/reply.c:reply_special(93)
  netbios connect: name1=LINBDC          name2=SHASAN
[2004/01/22 18:38:01, 2] smbd/reply.c:reply_special(100)
  netbios connect: local=linbdc remote=shasan, name type = 0

 and in log.nmbd

 process_logon_packet: Logon from 192.168.0.3: code = 0x12
[2004/01/22 18:39:03, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.0.3: code = 0x12
[2004/01/22 18:39:03, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.0.3: code = 0x12
[2004/01/22 18:39:03, 1] nmbd/nmbd_processlogon.c:process_logon_packet(95)
  process_logon_packet: Logon from 192.168.0.3: code = 0x7

However I can access the system as well as the defined shares on the 
linux system from the Explorer.

-shasan

More information about the samba mailing list