[Samba] Migrated PDC to new server

Matt Ingram mingram at cbnco.com
Fri Jun 23 15:33:27 GMT 2006


I just migrated my SMB PDC to a new server (was running 3.0.21c, now 
3.0.22).  Some things seem to be OK. net rpc list; net rpc testjoin 
seem to work. But if I attempt to join a Windows system to the domain I 
get "The following error occurred while attempting to join to domain 
"DOMAINNAME": The user name could not be found".   The machine name is 
getting loaded into LDAP.

LDAP seems to be fine, getent passwd/group returns all the LDAP users; 
net groupmap list returns all the groups. I can shell in with LDAP accounts.

I copied the old server's /etc/samba to the new server and I set the new 
server's SID to be that of the old server.

Also, I have a logon script on my BDC and my PDC.  The BDC script runs 
on the client boot up, but the PDC one isn't running.

Any ideas?

SMB.CONF
[global]
        workgroup = DOMAINNAME
        netbios name = HOME
        server string = HOME
        passdb backend = ldapsam:ldap://ldap.domain
        username map = /etc/samba/smbusers
        printcap name = cups
        enable privileges = Yes
        log level = 2
        add user script = /usr/local/sbin/smbldap-useradd -m '%u'
        delete user script = /usr/local/sbin/smbldap-userdel %u
        add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
        delete group script = /usr/local/sbin/smbldap-groupdel '%g'
        add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g'
        delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g'
        set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
        add machine script = /usr/local/sbin/smbldap-useradd -w '%u'
        logon script = scripts\logon.bat
#       logon path = \\%L\Profiles\%U
        logon path =
        logon drive = H:
        logon home = \\%L\%U
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        wins server = 172.30.30.25
        ldap suffix = ou=Accounts,dc=company,dc=com
        ldap machine suffix = ou=Computers
        ldap user suffix = ou=People
        ldap group suffix = ou=Posix,ou=Groups
        ldap idmap suffix = ou=idmap
        ldap admin dn = cn=Manager,dc=company,dc=com
        ldap ssl = no
        ldap passwd sync = No
#       idmap uid = 15000-20000
#       idmap gid = 15000-20000
        printing = cups
        map acl inherit = Yes


Here's my log.smbd when I tried to add the computer:

[2006/06/23 11:28:27, 2] smbd/sesssetup.c:setup_new_vc_session(772)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2006/06/23 11:28:27, 2] smbd/sesssetup.c:setup_new_vc_session(772)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2006/06/23 11:28:27, 2] lib/smbldap.c:smbldap_open_connection(722)
  smbldap_open_connection: connection opened
[2006/06/23 11:28:27, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
  init_sam_from_ldap: Entry found for user: root
[2006/06/23 11:28:27, 2] passdb/pdb_ldap.c:init_group_from_ldap(2215)
  init_group_from_ldap: Entry found for group: 512
[2006/06/23 11:28:27, 2] auth/auth.c:check_ntlm_password(307)
  check_ntlm_password:  authentication for user [Administrator] -> [root] -> [root] succeeded
[2006/06/23 11:28:28, 2] smbd/server.c:exit_server(614)
  Closing connections
[2006/06/23 11:28:28, 2] smbd/sesssetup.c:setup_new_vc_session(772)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2006/06/23 11:28:28, 2] smbd/sesssetup.c:setup_new_vc_session(772)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2006/06/23 11:28:28, 2] lib/smbldap.c:smbldap_open_connection(722)
  smbldap_open_connection: connection opened
[2006/06/23 11:28:28, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
  init_sam_from_ldap: Entry found for user: root
[2006/06/23 11:28:28, 2] passdb/pdb_ldap.c:init_group_from_ldap(2215)
  init_group_from_ldap: Entry found for group: 512
[2006/06/23 11:28:28, 2] auth/auth.c:check_ntlm_password(307)
  check_ntlm_password:  authentication for user [Administrator] -> [root] -> [root] succeeded
[2006/06/23 11:28:29, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2670)
  Returning domain sid for domain DOMAINNAME -> S-1-5-21-3186883984-1813041273-1898769360
[2006/06/23 11:28:30, 2] smbd/server.c:exit_server(614)
  Closing connections

Thanks in advance.




-- 
Matt Ingram
Intermediate Unix Administrator, IS
Canadian Bank Note Company, Limited
\m/


