[Samba] migration nt4 with ldap problem

Gémes Géza geza at kzsdabas.sulinet.hu
Sat Mar 20 09:26:40 GMT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thomas Will wrote:
| hello
|
| I try to migrate NT4 to Samba. The passwd backend is LDAP.
| The migration itself works fine, but after that I cannot log on from the
| Windows XP clients
| to the domain. -> I have to rejoin the client to the domain, then it works.
| Is this a bug or a feature?
| The sambaNTPassword then changes in the LDAP database.
|
|
| here is part of my smb.conf
| ------------------- snip    -----------------
|   workgroup = holladie
|   preferred master = yes
|   domain master = no
|   local master = yes
|   security = user
|   encrypt passwords = true
|   passdb backend = ldapsam:ldap://localhost
|   domain logons = yes
|   logon path = \\%N\profiles\%U
|   logon drive = Z:
|   logon home = \\%N\%U
|   logon script = logon.cmd
|   ldap suffix = dc=schmeich,dc=tux
|    ldap admin dn = cn=root,dc=schmeich,dc=tux
|    ldap user suffix =ou=mitarbeiter
|    ldap machine suffix =ou=rechner
|    ldap group suffix =ou=gruppen
|    ldap ssl = no
|    ldap delete dn = no
|    add user script = /usr/local/sbin/smbldap-useradd.pl  -m  "%u"
|    delete user script = /usr/local/sbin/smbldap-userdel.pl "%u"
|    add group script = /usr/local/sbin/smbldap-groupadd.pl -p "%g"
|    delete group script = /usr/local/sbin/smbldap-groupdel.pl "%g"
|    add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m
| "%u" "%g"
|    set primary group script = /usr/local/sbin/smbldap-usermod.pl -g "%g"
| "%u"
|    add machine script       = /usr/local/sbin/smbldap-useradd.pl -w  -d
| /dev/null -g domcomputers  -s /bin/false "%u"
| -----------------snap---------------------------------
|
| here are the steps of my migration
| 1.  smbldap-groupadd.pl -g 512 -r 512 domadmins
|     smbldap-groupadd.pl -g 513 -r 513 domusers
|     smbldap-groupadd.pl -g 514 -r 514 domguests
|     smbldap-groupadd.pl -g 515 -r 515 domcomputers
|
| 1.  smbd and nmbd don't run
| 2.  net rpc join -S WALDFEE -w HOLLADIE -U administrator%blabla
| 3.  net rpc testjoin
|     Join to 'HOLLADIE' is OK
| 4.  net rpc vampire -S waldfee -U Administrator%blabla
|      works  fine and sort all user  to the right groups
|
| 5. I switch the nt pdc off
|
| 6. I change   "domain master = yes"
|
| 7. I restart smb and nmb
|
| 8. I restart the client
|
| 9. I can't log in to the domain
|
It seems to me that you have missed one important step:
setting the same Domain SID for your Samba server that your NT server
had, using net getlocalsid / net setlocalsid (please remember that all
machines in a Windows domain have both local security accounts and
domain security accounts, except the DC, where local security = domain
security).

Cheers,

Geza
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAXA5P/PxuIn+i1pIRAiDnAJsGnGBbWTaKOAebKufJIKY9qE/TaACgmTXr
IPnLoty4RPZzCc5e2oeHcAE=
=JOec
-----END PGP SIGNATURE-----
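The reply above says the missing step is making the Samba server carry the same Domain SID the NT4 PDC had (net getlocalsid / net setlocalsid). Workstation trust accounts and the SIDs in user tokens are all relative to that domain SID, so a mismatch is exactly what makes every client need a rejoin. The following shell snippet is an added example, not code from the thread or from the Samba project: it parses the output of `net getlocalsid` (assumed here to be of the form `SID for domain NAME is: S-1-5-21-...`), compares it with the SID recorded from the NT4 PDC before it was switched off, and prints the corrective `net setlocalsid` command on mismatch. The function names and the sample SIDs are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): verify that the Samba
# domain SID matches the one the NT4 PDC had, before clients try to log on.

# parse_sid OUTPUT_LINE
# Extract the S-1-5-21-... domain SID from a line such as
#   "SID for domain WALDFEE is: S-1-5-21-1111111111-2222222222-3333333333"
# (assumed output format of `net getlocalsid`). Prints nothing if no SID found.
parse_sid() {
    printf '%s\n' "$1" | sed -n 's/.*\(S-1-5-21-[0-9][0-9-]*\).*/\1/p'
}

# sid_matches EXPECTED ACTUAL -> exit status 0 when both strings are equal
sid_matches() {
    [ "$1" = "$2" ]
}

# check_domain_sid EXPECTED_SID GETLOCALSID_OUTPUT
# Returns 0 when the SIDs match, 1 on mismatch (and prints the fix),
# 2 when no SID could be parsed from the supplied output.
check_domain_sid() {
    expected="$1"
    actual=$(parse_sid "$2")
    if [ -z "$actual" ]; then
        echo "could not parse a domain SID from: $2" >&2
        return 2
    fi
    if sid_matches "$expected" "$actual"; then
        echo "ok: Samba domain SID is already $actual"
        return 0
    fi
    echo "mismatch: Samba reports $actual, NT4 domain was $expected"
    echo "fix with: net setlocalsid $expected   (then restart smbd/nmbd)"
    return 1
}

# Demo on constructed values (runs without Samba installed):
NT4_SID="S-1-5-21-1111111111-2222222222-3333333333"       # constructed sample
SAMBA_OUT="SID for domain WALDFEE is: S-1-5-21-4444444444-5555555555-6666666666"
check_domain_sid "$NT4_SID" "$SAMBA_OUT" || true

# On a real Samba host you would instead pass the live output:
#   check_domain_sid "$NT4_SID" "$(net getlocalsid)"
```

Record the NT4 domain SID while the old PDC is still reachable (step 4 of the migration is the natural point), then run the check after step 7 and before letting any workstation try to authenticate; a SID that matches means the existing machine accounts vampired into LDAP remain usable without a rejoin.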
