Can someone verify my checklist?
Andrew Bartlett
abartlet at samba.org
Mon Feb 23 20:55:59 GMT 2004
On Tue, 2004-02-24 at 03:51, Brad Langhorst wrote:
> On Mon, 2004-02-23 at 08:40, PHELPS, SCOTT wrote:
> > Hi guys,
>
> > I am hoping that cloning the SID and keeping the same server name that
> > my 65 Windows clients will not know the difference and everything will
> > be transparent. I definitely want to avoid new profile creation, you
> > know? Can anyone confirm that I have not forgotten anything?
>
> your checklist looks good to me...
> but i think you should be prepared to deal with some pain on the
> clients. I've found that it's hard to get a machine joined to samba
> except by manually leaving and rejoining the domain.
>
> it's apparently not enough to create machine accounts in LDAP with no
> password - there is something more complex going on that I do not
> understand. I posted about this last week with no responses so i guess
> nobody else really does either.
You must migrate the machine passwords too. Not that it looks like that
will be a problem, as the passwords are just pulled with the rest.
Machine password's can't be NULL, as the client asserts (by various
crypto games) that the server knows the password, and can therefore be
trusted.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040224/11167e39/attachment.bin
More information about the samba-technical
mailing list