[Samba] XP Machines/profiles/migration issues

Buchan Milne bgmilne at cae.co.za
Tue Apr 1 15:41:31 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Date: 01 Apr 2003 10:11:01 +1000
> From: richard <rcoates at bigpond.net.au>
> To: Anthony Hardy <mis at jdcc.edu>
> Cc: "samba at lists.samba.org" <samba at lists.samba.org>
> Subject: Re: [Samba] XP Machines/profiles/migration issues
> Message-ID: <1049155862.2283.18.camel at mynewbox>
> In-Reply-To: <00d301c2f7b0$f390c0d0$fb020a0a at misdir>
> References: <00d301c2f7b0$f390c0d0$fb020a0a at misdir>
> Content-Type: text/plain
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Precedence: list
> Message: 5
>
> I'm no expert on Xp profiles but..doesen't xp assign a sid to each user
> in the profile. I believe you'll have to create your new domain-user on
> new server THEN copy old profile over newly created one (using xp user
> tools). There have posts on how to do this earlier this year. regards,
> Richard Coates.
>

Well, this will not fix the ntuser.dat, since the ACLs in the file will
still have the old SIDs.

> On Tue, 2003-04-01 at 04:11, Anthony Hardy wrote:
>
>>> well . would help if i didn't hit the send key before pasting in the
>>> original msg . once again . my apologies
>>>
>>> btw . helpful info:
>>>
>>> mandrake rpms at 2.2.7a, mandrake 9.0 . .all patches applied.
>>>
>>> I just sent this . but realized i sent it from the wrong email addy
. want
>>> to make sure it gets thru to the list . so i'm resending . i
apologize if
>>> both copies make it thru.
>>>
>>> problem:
>>>
>>>
>>> migrating from one server to another .  . .physical and software
migration.
>>> copied all profiles and am in the process of adding a new automated
system
>>> for domain management (mysql backend, blah balh) so the uid's
changed for
>>> each user.
>>>

Are you using the samba mysql sam backend (is that in 2.2.x, if not, you
 may want to try samba3).

Also, LDAP may be a better backend for 2.2.x.

>>> this is what how i THOUGHT things would work:
>>>
>>> 1. everyone logs out
>>> 2. shutdown samba on old server
>>> 3. add new users to new server
>>> 4. transfer ALL data to new server, including profiles, setup
permissions on
>>> files to correspond with new uids
>>> 5. finish config of smb.conf on new server, adding the proper
shares, etc .
>>> basically a mirror of the old box.
>>> 6. start up new server . . .login 9x machines for testing.
>>> 7. rejoin all XP machines to the domain, and i should have been good
to go.
>>>
>>> the problem lies in that once i rejoin an XP machine (testing with a
couple
>>> right now) is that the profiles don't load properly.  the user logs in,
>>> everything "seems" to be ok . in that the desktop icons are present,
custom
>>> apps seem to work . .but pieces are broken.
>>>

Chances are that if you need to rejoin machines to the domain, you are
going to need to fix the profiles. You should aim not to need to rejoin
machines.

>>> for example . . .OE or outlook . broken.  it's like the ntuser.dat file
>>> doesn't get pulled .. .

Probably becuase the ACLs in the profile itself don't allow the user to
read the settings.

>>>
>>> i noticed that under documents and settings on the local machines HD the
>>> owner wasn't correct for the correct profile directory (normally,
just the
>>> user name) and upon logging in . there was a new profile directory
created,
>>> username.domain.  That "should" have been fine i thought . .as long
as  the
>>> profile was copied from the network . but it's NOT being copied .
. . .so
>>> i tried different machines . and various tests . from rejoining the
domain
>>> and changing permission BEFORE logging in as the user to  . .well .
>>> everything i can think of.
>>>

If you don't repair the profile, you will have to delete it first.

>>> so . my question is two fold . .is there any reason an XP machine
that DID
>>> copy profiles from the network BEFORE the change wouldn't copy them now?

Yes, the SIDs have changed.

>>> logon path and logon home variables are the SAME and my 9x machines WORK
>>> fine

98 doesn't have SIDs, NT, 2k and XP do.

>>> . .i've got about 100 XP machines out there tho .  .and i NEED this to
>>> work . .or i'm going to attempt to go back to the old server.
>>>

It may be possible for you to fix this using the profiles binary in
samba3. Easiest way for you to do that is to install samba3-server and
samba3-common alpha22 (haven't gotten around to building alpha23 yet
...) from here:

http://ranger.dnsalias.com/mandrake/9.0/samba3/

These packages are made to parallel-install with Mandrake samba-2.2.x
RPMs, so they are safe to use (just check the smb3 is off with chkconfig
after installing it)

Then,  run
# profiles3

I have forgotten how to use it, but just read the --help, iy has an
option for changing SIDs.

Just ensure your existing profiles are backed up.

Buchan

- --
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+ibMqrJK6UGDSBKcRAqLZAJ4kdRDXXzzbWbBKzCFtsiRNOmF7rACgkT8a
Qg2PAOZGTIH1Z7ARWnq0a6s=
=RFQG
-----END PGP SIGNATURE-----



More information about the samba mailing list