[Samba] migration nt4 with ldap problem
Gémes Géza
geza at kzsdabas.sulinet.hu
Sat Mar 20 09:26:40 GMT 2004
Thomas Will wrote:
| hello
|
| i try to migrate nt4 to samba. the passwd-backend is ldap.
| the migration itself works fine but after that, i cannot logon from the
| windows xp clients
| to the domain. -> i have to rejoin the client to the domain then it works
| is this a bug or feature?
| the sambaNTPassword change then in ldap data base
|
|
| here is part of my smb.conf
| ------------------- snip -----------------
| workgroup = holladie
| preferred master = yes
| domain master = no
| local master = yes
| security = user
| encrypt passwords = true
| passdb backend = ldapsam:ldap://localhost
| domain logons = yes
| logon path = \\%N\profiles\%U
| logon drive = Z:
| logon home = \\%N\%U
| logon script = logon.cmd
| ldap suffix = dc=schmeich,dc=tux
| ldap admin dn = cn=root,dc=schmeich,dc=tux
| ldap user suffix =ou=mitarbeiter
| ldap machine suffix =ou=rechner
| ldap group suffix =ou=gruppen
| ldap ssl = no
| ldap delete dn = no
| add user script = /usr/local/sbin/smbldap-useradd.pl -m "%u"
| delete user script = /usr/local/sbin/smbldap-userdel.pl "%u"
| add group script = /usr/local/sbin/smbldap-groupadd.pl -p "%g"
| delete group script = /usr/local/sbin/smbldap-groupdel.pl "%g"
| add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m
| "%u" "%g"
| set primary group script = /usr/local/sbin/smbldap-usermod.pl -g "%g"
| "%u"
| add machine script = /usr/local/sbin/smbldap-useradd.pl -w -d
| /dev/null -g domcomputers -s /bin/false "%u"
| -----------------snap---------------------------------
|
| here are the steps of my migration
| 1. smbldap-groupadd.pl -g 512 -r 512 domadmins
| smbldap-groupadd.pl -g 513 -r 513 domusers
| smbldap-groupadd.pl -g 514 -r 514 domguests
| smbldap-groupadd.pl -g 515 -r 515 domcomputers
|
| 1. smbd and nmbd don't run
| 2. net rpc join -S WALDFEE -w HOLLADIE -U administrator%blabla
| 3. net rpc testjoin
| Join to 'HOLLADIE' is OK
| 4. net rpc vampire -S waldfee -U Administrator%blabla
| works fine and sort all user to the right groups
|
| 5. I switch the nt pdc off
|
| 6 . i change "domain master = yes"
|
| 7 . i restart smb and nmb
|
| 8 . i restart the client
|
| 9. i can't login to the domain
|
It seems to me that you have missed one important step:
setting the same Domain SID for your Samba server that your NT server
had, using net getlocalsid and net setlocalsid (please remember that all
machines in a Windows Domain have both local security accounts and
Domain security accounts, except the DC, where local security=domain
security).
Cheers,
Geza
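An added example, not part of the original messages or of Samba's own code: one way to spot the domain SID mismatch described in the reply is to compare, in an LDIF export of the ldapsam directory, the `sambaSID` of the `sambaDomain` entry with the SID prefix of the migrated `sambaSamAccount` entries. The LDIF data is constructed, the function names are hypothetical, and it assumes the export contains a `sambaDomain` entry for the workgroup.

```python
import re

# Constructed LDIF excerpt (not from the thread): domain entry and accounts disagree.
SAMPLE_LDIF = """\
dn: sambaDomainName=HOLLADIE,dc=schmeich,dc=tux
objectClass: sambaDomain
sambaDomainName: HOLLADIE
sambaSID: S-1-5-21-1000000001-1000000002-1000000003

dn: uid=alice,ou=mitarbeiter,dc=schmeich,dc=tux
objectClass: sambaSamAccount
uid: alice
sambaSID: S-1-5-21-2000000001-2000000002-2000000003-1001

dn: uid=pc01$,ou=rechner,dc=schmeich,dc=tux
objectClass: sambaSamAccount
uid: pc01$
sambaSID: S-1-5-21-2000000001-2000000002-2000000003-1002
"""

def parse_ldif(text):
    """Entries as dicts of lowercased attribute -> values; folded/base64 lines not decoded."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def has_class(entry, name):
    return name.lower() in (v.lower() for v in entry.get("objectclass", []))

def check_domain_sid(text, domain):
    """Return (domain_sid, [(uid, sid), ...]) listing accounts outside domain_sid."""
    entries = parse_ldif(text)
    names = lambda e: [v.lower() for v in e.get("sambadomainname", [])]
    domain_sid = next((e["sambasid"][0] for e in entries
                       if has_class(e, "sambaDomain") and "sambasid" in e
                       and domain.lower() in names(e)), None)
    mismatches = []
    for e in entries:
        if has_class(e, "sambaSamAccount") and "sambasid" in e:
            sid = e["sambasid"][0]
            # An account SID is the domain SID followed by one trailing RID.
            if sid.rsplit("-", 1)[0] != domain_sid:
                mismatches.append((e.get("uid", ["?"])[0], sid))
    return domain_sid, mismatches
```

An empty mismatch list means every account SID sits under the domain SID recorded in the directory; machine accounts (names ending in `$`) are checked the same way as user accounts.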