[Samba] XP Machines/profiles/migration issues

Thu Apr 3 02:52:48 GMT 2003

Would it be possible to use this tool (profile3) to copy an NT4 profile to a
2000 box? It must be possible to do it since MS can do it during an upgrade.
Does anyone know of a tool for this.

Jim

----- Original Message -----
From: "Buchan Milne" <bgmilne at cae.co.za>
To: "Anthony Hardy" <mis at jdcc.edu>
Cc: <samba at lists.samba.org>
Sent: Tuesday, April 01, 2003 10:41 AM
Subject: Re: [Samba] XP Machines/profiles/migration issues

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > Date: 01 Apr 2003 10:11:01 +1000
> > From: richard <rcoates at bigpond.net.au>
> > To: Anthony Hardy <mis at jdcc.edu>
> > Cc: "samba at lists.samba.org" <samba at lists.samba.org>
> > Subject: Re: [Samba] XP Machines/profiles/migration issues
> > Message-ID: <1049155862.2283.18.camel at mynewbox>
> > In-Reply-To: <00d301c2f7b0$f390c0d0$fb020a0a at misdir>
> > References: <00d301c2f7b0$f390c0d0$fb020a0a at misdir>
> > Content-Type: text/plain
> > MIME-Version: 1.0
> > Content-Transfer-Encoding: 7bit
> > Precedence: list
> > Message: 5
> >
> > I'm no expert on Xp profiles but..doesen't xp assign a sid to each user
> > in the profile. I believe you'll have to create your new domain-user on
> > new server THEN copy old profile over newly created one (using xp user
> > tools). There have posts on how to do this earlier this year. regards,
> > Richard Coates.
> >
>
> Well, this will not fix the ntuser.dat, since the ACLs in the file will
> still have the old SIDs.
>
> > On Tue, 2003-04-01 at 04:11, Anthony Hardy wrote:
> >
> >>> well . would help if i didn't hit the send key before pasting in the
> >>> original msg . once again . my apologies
> >>>
> >>> btw . helpful info:
> >>>
> >>> mandrake rpms at 2.2.7a, mandrake 9.0 . .all patches applied.
> >>>
> >>> I just sent this . but realized i sent it from the wrong email addy
> . want
> >>> to make sure it gets thru to the list . so i'm resending . i
> apologize if
> >>> both copies make it thru.
> >>>
> >>> problem:
> >>>
> >>>
> >>> migrating from one server to another .  . .physical and software
> migration.
> >>> copied all profiles and am in the process of adding a new automated
> system
> >>> for domain management (mysql backend, blah balh) so the uid's
> changed for
> >>> each user.
> >>>
>
> Are you using the samba mysql sam backend (is that in 2.2.x, if not, you
>  may want to try samba3).
>
> Also, LDAP may be a better backend for 2.2.x.
>
> >>> this is what how i THOUGHT things would work:
> >>>
> >>> 1. everyone logs out
> >>> 2. shutdown samba on old server
> >>> 3. add new users to new server
> >>> 4. transfer ALL data to new server, including profiles, setup
> permissions on
> >>> files to correspond with new uids
> >>> 5. finish config of smb.conf on new server, adding the proper
> shares, etc .
> >>> basically a mirror of the old box.
> >>> 6. start up new server . . .login 9x machines for testing.
> >>> 7. rejoin all XP machines to the domain, and i should have been good
> to go.
> >>>
> >>> the problem lies in that once i rejoin an XP machine (testing with a
> couple
> >>> right now) is that the profiles don't load properly.  the user logs
in,
> >>> everything "seems" to be ok . in that the desktop icons are present,
> custom
> >>> apps seem to work . .but pieces are broken.
> >>>
>
> Chances are that if you need to rejoin machines to the domain, you are
> going to need to fix the profiles. You should aim not to need to rejoin
> machines.
>
> >>> for example . . .OE or outlook . broken.  it's like the ntuser.dat
file
> >>> doesn't get pulled .. .
>
> Probably becuase the ACLs in the profile itself don't allow the user to
> read the settings.
>
> >>>
> >>> i noticed that under documents and settings on the local machines HD
the
> >>> owner wasn't correct for the correct profile directory (normally,
> just the
> >>> user name) and upon logging in . there was a new profile directory
> created,
> >>> username.domain.  That "should" have been fine i thought . .as long
> as  the
> >>> profile was copied from the network . but it's NOT being copied .
> . . .so
> >>> i tried different machines . and various tests . from rejoining the
> domain
> >>> and changing permission BEFORE logging in as the user to  . .well .
> >>> everything i can think of.
> >>>
>
> If you don't repair the profile, you will have to delete it first.
>
> >>> so . my question is two fold . .is there any reason an XP machine
> that DID
> >>> copy profiles from the network BEFORE the change wouldn't copy them
now?
>
> Yes, the SIDs have changed.
>
> >>> logon path and logon home variables are the SAME and my 9x machines
WORK
> >>> fine
>
> 98 doesn't have SIDs, NT, 2k and XP do.
>
> >>> . .i've got about 100 XP machines out there tho .  .and i NEED this to
> >>> work . .or i'm going to attempt to go back to the old server.
> >>>
>
> It may be possible for you to fix this using the profiles binary in
> samba3. Easiest way for you to do that is to install samba3-server and
> samba3-common alpha22 (haven't gotten around to building alpha23 yet
> ...) from here:
>
> http://ranger.dnsalias.com/mandrake/9.0/samba3/
>
> These packages are made to parallel-install with Mandrake samba-2.2.x
> RPMs, so they are safe to use (just check the smb3 is off with chkconfig
> after installing it)
>
> Then,  run
> # profiles3
>
> I have forgotten how to use it, but just read the --help, iy has an
> option for changing SIDs.
>
> Just ensure your existing profiles are backed up.
>
> Buchan
>
> - --
> |--------------Another happy Mandrake Club member--------------|
> Buchan Milne                Mechanical Engineer, Network Manager
> Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
> Stellenbosch Automotive Engineering         http://www.cae.co.za
> GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
> 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQE+ibMqrJK6UGDSBKcRAqLZAJ4kdRDXXzzbWbBKzCFtsiRNOmF7rACgkT8a
> Qg2PAOZGTIH1Z7ARWnq0a6s=
> =RFQG
> -----END PGP SIGNATURE-----
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba