MS Exchange

Jan Kratochvil short at ucw.cz
Wed Sep 15 14:13:25 GMT 1999


> In a message dated: Wed, 15 Sep 1999 05:22:51 +0200
> Jan Kratochvil said:
> 
> >Exchange simply doesn't start - it originally used some account ("Logon as" of
> >the service parameters) from the NT domain but it is not able to use such
> >account from Samba domain. I don't know whether it would help to reinstall it
> >from scratch but simple move from NT to Samba domain just isn't as simple as
> >it looks. And yes, we've played with various group names, even patching Samba
> >for new group SIDs, adding Samba users (and "Everybody") to various
> >administrative rights in Exchange setup etc. And always it fails to start
> >properly.
> >
> >Although several services of it will start, the "Information storage manager"
> >just can't cope with it. It maybe has to do something with existing file
> >ownership assigned to users of the old NT-driven domain. Would it be possible
> >to Samba act as NT server by using the same user SIDs that no client would
> >notice the change? I have found that simply naming the domain by the same
> >name isn't sufficient, probably SID of the domain takes into the play.
> 
> Here are some questions I have.  I think you might be onto something with the 
> SID idea.
> 
> Are you able to have normal users log in to the Samba PDC controlled domain 
> without dealing with Exchange?  If not, then get this working before dealing 

  Yes, perfectly, integration with NIS+, password syncing, roaming profiles,
just wonderfully working for NT, 9x, , except .. ehm .. that Exchange.

> with Exchange (I assume though, that this is not your problem, but it never 
> hurts to ask the obvious :)

  OK, I agree, sorry for not pointing this out obviously.

> Was the Exchange server set up prior to or after migration to the Samba PDC 
> domain?

  Prior. I'll note one mail I got about it:

------------------------------------------------------------------------------------
From: Aaron Knauf <aaron at compedge.co.nz>
Organization: Computing Edge Limited
X-Mailer: Mozilla 4.6 [en] (X11; I; Linux 2.2.12 i686)

I've not done the samba thing with exchange before, but I have moved exchange from
one domain to another - and it is definitely a re-installation job. The domain SID is
the culprit.  I know of no way to fix this without a re-install.

ADK
------------------------------------------------------------------------------------

> 	If prior to, then the SID thing could be your problem, and I'd try
> 	re-installing the Exchange server, or, better yet, setting up a new 
> 	one for testing purposes that only knows about the Samba PDC.

  Yes, it will probably be the only possible solution as I see it. I just have some
fear of the complete settings and data transfer to be done then from 'old' to 'new'
server.

> 	If after, then did you make sure that it only knows about the Samba 
> 	PDC and not the old domain controller?

  The old domain controller was, of course, shut down during the testing (in
night hours, some backups failed but who cares about them :-) ).

> Have you put a packet sniffer on the wire to see what packets are going across 
> and maybe find out why it's not authenticating properly?

  I was thinking about it but I have been reading precisely (a lot of time) debug
logs at level 100, there was no problem from Samba, it authenticated OK but
obviously some internal thing in Exchange occurred then resulting from the returned
data from the server.

> Have you turned on and checked all possible logging of the exchange server and 
> the Samba server.  Granted, the MS logging capability is pretty lame, but the 
> Samba server should at least tell you if it's seeing the requests.

  Logging on Samba server tried (above), logging on Exchange was not yet tried, there
was no time remaining so we had to switch the network over to NT PDC. I've
said that not all the possibilities were investigated, I just wanted to hear whether
at least one person out there has done it successfully, so as not to bother with an
impossible task. BTW I just got the one response from Aaron Knauf noted above
so I still think that it probably requires reinstallation and settings/data
migration.

  Personally I think that the problem is that some vital files of Exchange
are owned by the original NT user Exchange account and by logging Exchange
as someone else it no longer has the needed permission for its local files.
But I don't know how to solve it, I'm not much NT-experienced.

  Although it is not the exact error code we got (I don't have the access now
to it), on:

  http://support.microsoft.com/support/kb/articles/Q184/2/05.ASP

  is written:

    4. Go to User Manager for Domains.
    5. Click on Policies from the title bar menu, and select User Rights.
    6. Select the option for Advanced User Rights.
    7. In the drop-down list, verify that the following rights have been granted to the service account:
     Act as part of the operating system
     Back up files and directories
     Log on as a service
     Restore files and directories


  But when User Manager functionality is not yet implemented in Samba, is there
any possibility to set it in the Samba server itself (even in its sources if it
is just tweaking some Samba tables)?

> I hope this helps somewhat, at least in giving you some ideas.  I'm interested
> in the solution of this dilemma if you ever find one.

  Thanks for help, without getting Exchange it is not really possible to switch
to Samba PDC and NIS/NT synchronization still continues as a nightmare.


> Seeya,
> Paul
						Regards,
							Jan Kratochvil
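
Added example, not part of the original message or of Samba: NT security descriptors record owners and ACL entries as binary SIDs rather than account names, so an account with the same name and RID in a domain that has a different domain SID does not match the old entries. The Python sketch below decodes binary SIDs and sorts ACL entries by domain; both domain SIDs, the RIDs and the sample ACL are constructed values.

```python
import struct

def pack_sid(sid: str) -> bytes:
    """Encode 'S-1-5-21-...' into the binary form used in security descriptors."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError(f"not a SID: {sid!r}")
    subs = [int(p) for p in parts[3:]]
    # revision, sub-authority count, 48-bit big-endian authority, LE sub-authorities
    return (struct.pack("BB", int(parts[1]), len(subs))
            + int(parts[2]).to_bytes(6, "big")
            + struct.pack(f"<{len(subs)}I", *subs))

def unpack_sid(raw: bytes) -> str:
    """Decode a binary SID, rejecting truncated or over-long input."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])

def split_domain_rid(sid: str):
    """Return (domain_sid, rid) for S-1-5-21-x-y-z-rid accounts, else (None, None)."""
    parts = sid.split("-")
    if parts[:4] == ["S", "1", "5", "21"] and len(parts) == 8:
        return "-".join(parts[:7]), int(parts[7])
    return None, None

def classify_aces(ace_sids, current_domain_sid):
    """Group ACL entries by whether their SID belongs to the current domain."""
    result = {"current_domain": [], "foreign_domain": [], "well_known": []}
    for raw in ace_sids:
        sid = unpack_sid(raw)
        domain, _rid = split_domain_rid(sid)
        if domain is None:
            result["well_known"].append(sid)       # e.g. Everyone, BUILTIN groups
        elif domain == current_domain_sid:
            result["current_domain"].append(sid)
        else:
            result["foreign_domain"].append(sid)   # left over from another domain
    return result

# Constructed values: the domain name is the same, the domain SID is not.
OLD_DOMAIN = "S-1-5-21-1004336348-1177238915-682003330"
NEW_DOMAIN = "S-1-5-21-2025429265-500000001-1234567890"
SAMPLE_ACL = [pack_sid(s) for s in (
    OLD_DOMAIN + "-1001",   # service account, old domain
    OLD_DOMAIN + "-512",    # Domain Admins, old domain
    NEW_DOMAIN + "-1001",   # same RID in the new domain: a different SID
    "S-1-1-0",              # Everyone
    "S-1-5-32-544",         # BUILTIN\Administrators
)]

if __name__ == "__main__":
    for group, sids in classify_aces(SAMPLE_ACL, NEW_DOMAIN).items():
        print(group, sids)
```
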

