MS Exchange

Paul L. Lussier plussier at
Wed Sep 15 13:34:48 GMT 1999

In a message dated: Wed, 15 Sep 1999 05:22:51 +0200
Jan Kratochvil said:

>Exchange simply doesn't start - it originally used some account ("Logon as" of
>the service parameters) from the NT domain but it is not able to use such
>account from Samba domain. I don't know whether it would help to reinstall it
>from scratch but simple move from NT to Samba domain just isn't as simple as
>it looks. And yes, we've played with various group names, even patching Samba
>for new group SIDs, adding Samba users (and "Everybody") to various
>administrative rights in Exchange setup etc. And always it fails to start
>Although several services of it will start, the "Information storage manager"
>just can't cope with it. It maybe has to do something with existing file
>ownership assigned to users of the old NT-driven domain. Would it be possible
>to Samba act as NT server by using the same user SIDs that no client would
>notice the change? I have found that simply naming the domain by the same
>name isn't sufficient, probably SID of the domain takes into the play.

Here are some questions I have.  I think you might be onto something with the 
SID idea.

Are you able to have normal users log in to the Samba PDC controlled domain 
without dealing with Exchange?  If not, then get this working before dealing 
with Excahange (I assume though, that this is not your problem, but it never 
hurts to ask the obvious :)

Was the Exchange server set up prior to of after migration to the Samba PDC 
	If prior to, then the SID thing could be your problem, and I'd try
	re-installing the Exchange server, or, better yet, setting up a new 
	one for testing purposes that only knows about the Samba PDC.

	If after, then did you make sure that it only knows about the Samba 
	PDC and not the old domain controller?

Have you put a packet sniffer on the wire to see what packets are going across 
and maybe find out why it's not authenticating properly?

Have you turned on and checked all possible logging of the exchange server and 
the Samba server.  Granted, the MS logging capability is pretty lame, but the 
Samba server should at least tell you if it's seeing the requests.

I hope this helps somewhat, at least in giving you some ideas.  I'm interested
in the solution of this dilemma if you ever find one.

Good luck!


	    Depression is merely anger without enthusiasm.
     There cannot be a crisis today; my schedule is already full.
  A conclusion is simply the place where you got tired of thinking.
	 If you're not having fun, you're not doing it right!

More information about the samba-ntdom mailing list