Replacing NT4 PDC with Samba 2.2.2
Tim Allen
timallen at ls82.fsnet.co.uk
Thu Dec 20 00:44:04 GMT 2001
I found this:
http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html
by Jeremy which talks about SID's and RID's. I'm going to read through it in
the next couple of days and see whether it throws any light on how to do
this. It's pretty old though, Samba 2.0 vintage.
This does seem like an area which could really do with some airing on the
lists. I'd have thought it would be a very common requirement.
Tim Allen
----- Original Message -----
From: "rebelman" <rebel at snafu.de>
To: "David Kadlec" <david.kadlec at unicorn.cz>; <samba at lists.samba.org>
Sent: Wednesday, December 19, 2001 7:46 PM
Subject: Re: Replacing NT4 PDC with Samba 2.2.2
> Hi David and Allen,
> i try the same. replacing a win2000K PDC with samba. I faild for a week
now.
> but there seem to be authentification errors. I use encrypted passwords,
set
> up named and machine accounts in passwd, shado and smbpasswd etc. but it
> doesn't work.
> But until now I never heard of a SID or RID. What is this SID ?
> I have to say, that I never administered a win network. ;-)
> - FRankie
> ***************************************************
> Und Linux sagte: You don't exist! Go away!
> ----- Original Message -----
> From: David Kadlec <david.kadlec at unicorn.cz>
> To: <samba at samba.org>
> Sent: Wednesday, December 19, 2001 12:55 PM
> Subject: Re: Replacing NT4 PDC with Samba 2.2.2
>
>
> > Hello,
> >
> > we went through same scenario few days ago. The problem is with SID
> > creation - Samba does not make user's
> > SID as domainSID-userUID as you can maybe think. Instead it does it like
> > domainSID-(UID*2+1000). So they
> > have different SID on NT and Samba domain. You can construct UIDs of
user
> > from their RID with reverse prodedure
> > (UID=(RID-1000) /2 ), but if you have some with odd RID, you dont have a
> > chance.
> >
> > David Kadlec
> >
> > ----- Original Message -----
> > From: "Tim Allen" <timallen at ls82.fsnet.co.uk>
> > To: <samba at lists.samba.org>
> > Sent: Wednesday, December 19, 2001 8:58 AM
> > Subject: Replacing NT4 PDC with Samba 2.2.2
> >
> >
> > > Hi
> > >
> > > Haven't seen any responses to my earlier post (Transferring PDC duties
> to
> > > Samba) so here's a slightly different approach I'm trying which
someone
> > can
> > > hopefully shed some light on.
> > >
> > > Is it possible to transfer domain-specific data from an NT4 PDC to a
> Samba
> > > 2.2.2 server, switch off the NT4 machine, set up smb.conf, switch on
the
> > > Samba box such that the attached NT4/Win2000 workstations are
blissfully
> > > unaware that the PDC has changed? In other words, doing the equivalent
> of
> > > setting up Samba as a BDC then promoting it to PDC, albeit manually.
> > >
> > > So far, I've done the following:
> > >
> > > Extracted the workstation machine accounts from the NT4 server using
> > pwdump
> > > and inserted into smbpasswd.
> > > Made the corresponding additions to /etc/passwd and etc/shadow.
> > > Extracted the NT4 SID and inserted into MACHINE.SID.
> > > Specified the netbios name to be that of the NT4 server in smb.conf.
> > >
> > >
> > > Doing the above does allow a login from one of the workstations, but
the
> > > workstation considers this to be a new user, which is exactly what I'm
> > > trying to avoid, as the local profiles for each user are then lost. A
> log
> > > error message is also generated at login:
> > >
> > > Dec 18 16:19:28 golux smbd[15238]: [2001/12/18 16:19:28,
> > > 0]rpc_server/srv_netlog.c:api_net_sam_logon(208)
> > > Dec 18 16:19:28 golux smbd[15238]: api_net_sam_logon: Failed to
> marshall
> > > NET_R_SAM_LOGON.
> > > Dec 18 16:19:28 golux smbd[15238]: [2001/12/18 16:19:28, 0]
> > > rpc_server/srv_pipe.c:api_rpcTNP(1204)
> > > Dec 18 16:19:28 golux smbd[15238]: api_rpcTNP: api_netlog_rpc:
> > > NET_SAMLOGON failed.
> > >
> > > Any advice much appreciated.
> > >
> > > Tim Allen
> > >
> > >
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: http://lists.samba.org/mailman/listinfo/samba
> > >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: http://lists.samba.org/mailman/listinfo/samba
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
>
More information about the samba
mailing list