[Samba] Problems when migrating from an old machine to a new one.
L.P.H. van Belle
belle at bazuin.nl
Tue Dec 2 15:47:22 GMT 2008
Why don't you give the new PDC the same SID as the old domain then?
On OLD-PDC:
net getlocalsid <domain>
On the new PDC:
net setlocalsid SID
Good luck.
>-----Original message-----
>From: BOURIAUD David [mailto:david.bouriaud at ac-rouen.fr]
>Sent: Tuesday 2 December 2008 16:22
>To: L.P.H. van Belle
>Subject: Re: [Samba] Problems when migrating from an old machine to a new one.
>
>On Tuesday 02 December 2008, you wrote:
>
>Hi!
>Thanks for your quick help. I've checked all you've said, but everything is as you expect it to be.
>
>Here are different elements of my setup:
>smb.conf contains:
>
> preferred master = True
> domain master = True
> logon path = \\%L\profiles\%U
> logon drive = P:
> nt acl support = Yes
> profile acls = Yes
> passdb backend = ldapsam:ldap://ldap.server.adress/
> ldap passwd sync = Yes
>
>[profiles]
> path = /smbhome/profiles/
> read only = No
> store dos attributes = Yes
> browseable = No
> writeable = Yes
> create mask = 0600
> directory mask = 0700
> guest ok = no
> printable = no
> hide files = /desktop.ini
>
>[profile]
> path = /smbhome/profiles/%U
> browseable = Yes
> writeable = Yes
> create mask = 0700
> directory mask = 0700
>
>This should be sufficient and working. The fact is that I rsync the profiles from the old machine to the new one, and do a chown/chmod afterward, but consider that the previous PDC (let's call it OLD-PDC) has a SID (called OLD-SID) and the new PDC (let's call it NEW-PDC) has a new SID (called NEW-SID).
>If I'm not mistaken, what I want to do can't be accomplished with a poor rsync between these machines, because when I pick up the profile on OLD-PDC and copy all the files into /smbhome/profiles/user/, the file named NTUSER.DAT contains references to OLD-SID. I've tried to change its content with the command I explained in my previous mail: profiles -c OLD-SID -n NEW-SID NTUSER.DAT, but it doesn't work.
>Indeed, if I check everything after having copied NTUSER.DAT.new over NTUSER.DAT, with profiles -v NTUSER.DAT | grep OLD-SID, I still find entries in it.
>So, I guess that the command I type in is not enough.
>You're right, this has to do with file rights, but not on the filesystem itself, so far as I understand what's involved in the authentication process.
>This is hard to guess, because even with a lot of verbosity in the log files (I've tried log level = 10 in smb.conf), the error isn't shown. And on the workstation, the domain user isn't allowed to view the security log file.
>I'm stuck at this point and don't know how to solve it...
>
>> Hi,
>>
>> after you've moved your profile folder,
>> check every right.
>> set 777 on the profile itself.
>> set create right to 700 for every new folder in the profiles share.
>> check your users' profile folder rights.
>>
>> sorry but this is a permission problem.
>>
>> my profiles share.
>> [profiles]
>> path = /home/samba/profiles
>> comment = Profiles
>> read only = no
>> create mask = 0600
>> directory mask = 0700
>> browseable = Yes
>> guest ok = Yes
>> csc policy = disable
>> force user = %U
>> valid users = %U @"Domain Admins"
>>
>> /home/samba/profiles has 777 as right.
>>
>> when this is done, correct your users profiles
>>
>> cd /home/samba/profiles
>> for x in */
>> do
>>     x=${x%/}   # each directory is named after its user
>>     chown -R "$x":"Domain Users" "$x"
>>     chmod -R 700 "$x"
>> done
>>
>> this should do it.
>>
>
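Added example, not part of the original messages: a Python check for whether a hive file such as NTUSER.DAT still carries SIDs from the old domain, independent of the output of profiles -v. It assumes the SIDs sit in the file in the standard binary SID layout (so a text search for "S-1-5-21-..." on the raw file would miss them); the two SID values and the sample byte string are constructed.

```python
import struct
import sys

# Constructed sample values; substitute the output of `net getlocalsid` on each PDC.
OLD_SID = "S-1-5-21-1111111111-2222222222-3333333333"
NEW_SID = "S-1-5-21-4040404040-1212121212-3434343434"

def sid_to_bytes(sid):
    """Encode 'S-1-5-21-...' in the binary SID layout:
    revision, sub-authority count, 6-byte big-endian authority,
    then each sub-authority as a 32-bit little-endian integer."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 4:
        raise ValueError("not a SID: %r" % sid)
    subs = [int(p) for p in parts[3:]]
    return (struct.pack("BB", int(parts[1]), len(subs))
            + int(parts[2]).to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subs))

def find_domain_sids(blob, domain_sid):
    """Return [(offset, sid)] for every binary SID in blob that is the
    domain SID itself or domain SID + RID (a user or group of that domain)."""
    enc = sid_to_bytes(domain_sid)
    body = enc[2:]  # authority + sub-authorities, shared by all SIDs of the domain
    hits = []
    pos = blob.find(body)
    while pos != -1:
        start, end = pos - 2, pos + len(body)
        if start >= 0 and blob[start] == enc[0]:
            count = blob[start + 1]
            if count == enc[1]:
                hits.append((start, domain_sid))
            elif count == enc[1] + 1 and end + 4 <= len(blob):
                rid = struct.unpack_from("<I", blob, end)[0]
                hits.append((start, "%s-%d" % (domain_sid, rid)))
        pos = blob.find(body, pos + 1)
    return hits

# Constructed stand-in for hive contents: padding around three binary SIDs.
SAMPLE = (b"\x00" * 8 + sid_to_bytes(OLD_SID + "-1001") + b"\xff" * 4
          + sid_to_bytes(NEW_SID + "-1001") + b"\x00" * 3 + sid_to_bytes(OLD_SID))

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for label, sid in (("old", OLD_SID), ("new", NEW_SID)):
        for offset, found in find_domain_sids(data, sid):
            print("%s domain SID at offset %d: %s" % (label, offset, found))
```

Run it on a copy of the profile's NTUSER.DAT by passing the path as the first argument; any "old domain SID" line means the file still references the old domain.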