MS Exchange

Paul L. Lussier plussier at
Wed Sep 15 15:15:25 GMT 1999

In a message dated: Wed, 15 Sep 1999 16:13:25 +0200
Jan Kratochvil said:

>> Was the Exchange server set up prior to of after migration to the Samba PDC 
>> domain?
>  Prior. I'll note one mail I got about it:
[...mail snipped...]

Well, I'd say that pretty much spells it out :) Try setting up a test network 
with the Samba PDC, then install a new Exchange server which only knows about 
this PDC. If you set the test network up you can probably do this with 3 
systems and a 4-port hub; Samba, Exchange, 9x/NT client for testing.

>> 	If prior to, then the SID thing could be your problem, and I'd try
>> 	re-installing the Exchange server, or, better yet, setting up a new 
>> 	one for testing purposes that only knows about the Samba PDC.
>  Yes, it will be probably the only possible solution as I see. I just have
>some fear with complete settings and data transfer to be done then from 'old'
>to 'new' server.

Personally I don't blame you at all.  I'd do several things:

	1. Backup the exchange server to a new tape
	2. Tell users to copy their mail boxes to their local systems as 
	   a precaution
	3. Build a completely new Exchange server on new hardware and after you
	   get it working properly with the Samba PDC try and import the data 
	   from the old Exchange server.  If this fails, you have the backup
	   tape, if that fails, the users have their local copy.

>> 	If after, then did you make sure that it only knows about the Samba 
>> 	PDC and not the old domain controller?
>  The old domain controller was, of course, shut down during the testing (in
>night hours, some backups failed but who cares about them :-) ).

Right, but the Exchange server wasn't, which means it's trying to authenticate 
against the old PDC, which has a different SID than the Samba one.

>  Personally I think that the problem is that some vital files of Exchange
>are owned by the original NT user Exchange account and by logging Exchange
>as someone else it no longer has the needed permission for its local files.
>But I don't know how to solve it, I'm not much NT-experienced.

Well, I don't so much think that it's a vital file, rather a registry entry 
for Exchange that keeps track of the SID of the PDC.

>    4. Go to User Manager for Domains.
>    5. Click on Policies from the title bar menu, and select User Rights.
>    6. Select the option for Advanced User Rights.
>    7. In the drop-down list, verify that the following rights have been grant
>ed to the service account:
>     Act as part of the operating system
>     Back up files and directories
>     Log on as a service
>     Restore files and directories
>  But when User manager functionality is not yet implemented in Samba, is
> there any possibility to set it in Samba server itself (even in its sources
> if it is just tweaking some Samba tables).

I don't know the answer to this.  You'll have to check the Samba DOCS.  I 
recommend getting Gerry Carter's "TYS Samba in 24 Hours" or the new O'Reilly 
book on Samba.  In addition, look in the docs/ directory and read through all 
that stuff.  I seem to remember something mentioning SIDs in there.  John 
Blair's book, though written for pre 2.x Samba, has a very good explanation of 
SIDs as well if I recall correctly.

>Thanks for help, without getting Exchange it is not really possible to switch
>to Samba PDC and NIS/NT synchronization still continues as a nightmare.

Well, you could switch to sendmail and POP3/IMAP clients, then Exchange is 
no longer a problem :)

	    Depression is merely anger without enthusiasm.
     There cannot be a crisis today; my schedule is already full.
  A conclusion is simply the place where you got tired of thinking.
	 If you're not having fun, you're not doing it right!

More information about the samba-ntdom mailing list