[Samba] logon script won't start anymore after update 2.2.3a

Martin Thomas mthomas at rhrk.uni-kl.de
Tue Aug 19 00:19:11 GMT 2003

>Message: 26
>Date: Mon, 18 Aug 2003 10:18:24 +0200
>From: Carsten Springenberg <springenberg at bwv-zk.de>
>Subject: [Samba] logon script won't start anymore after update 2.2.3a
>-> 2.2.8.a
>To: samba at lists.samba.org
>Message-ID: <3F408BD0.50607 at bwv.net>
>Content-Type: text/plain; charset=us-ascii; format=flowed

>Dear list,
>last Friday I had a frustrating experience during the update of my samba 
>server. I've been running samba since 1998, now there are 50 users with 
>win2k-boxes attached - the samba server acting as PDC. Because of a swap 
>of the old server I finally decided to update to 2.2.8a. What I did (in 

>- installed the new server with suse 8.2 prof
>- Installed the suse-rpms for 2.2.8a on the new server.
>- shut down smbd/nmbd on the old server and changed ip and name
>- copied smb.conf, smbpasswd, secrets.tdb to the new server
>- added all the unix users
>- changed ip and name on the new server to the values of the old server
>- started smbd/nmbd on the new server
>Everything seemed to work. I could logon and got my samba-shares - but 
>as I found out I got my samba-shares because they have been mapped 
>previously and not because of my logon script. Further experiments 
>brought up that the logon scripts didn't run at all at logon-time.
>I tried a lot concerning "logon script" (%u instead of %U, changed it to a 
>f. e. to "logon.bat") but without success. The logon script just sets 
>the time and maps the shares. The [netlogon]-share doesn't seem to be the 
>problem either. I read all in the archives concerning this point (and 
>also googled) but couldn't find something useful.
>I am not that new to samba but am at a loss anyway.
>So I reversed the changes and fired up my old samba server and am 
>looking for ideas now.


It seems that you forgot to transfer the Machine and Domain SID to
the new configuration. The domain logon does not work correctly
if the Server SID is not the one that is cached in the client's registry
during domain join.

There are several possibilities:
* use smbpasswd to get the SIDs from a running Domain controller,
  see the documentation of smbpasswd, the options were added
  in 2.2.8 (or 2.2.7). Although this is the recommended method it did not 
  work for me, I could transfer the Domain SID with smbpasswd but 
  somehow the Machine-SID seems to be important too but did not
  transfer correctly
* get the SID from the file MACHINE.SID (only available in older
  Samba versions, I think your 2.2.3a used this file) on your old server, 
  transfer the SID to the new server and import the SID using smbpasswd.
* since you used an "old" Samba the SID should be in the file MACHINE.SID,
  copy this file to your new box in the directory where secrets.tdb
  is located, stop Samba, move the file secrets.tdb away (backup),
  restart Samba. On startup Samba cannot find secrets.tdb which
  you moved away and should look for the file MACHINE.SID,
  import its contents (the SID) into a newly created secrets.tdb and
  delete MACHINE.SID (I'm not sure but you can grep the
  Samba source code for MACHINE.SID and see how this is
* The method that worked for me, since I already had a secrets.tdb
  on the old server:
  - copy the file secrets.tdb on your new server to another directory
  - stop Samba
  - replace the file secrets.tdb on your new machine with the
    file secrets.tdb from your old server (the SIDs are in this file)
  - start Samba

Another reason for your problem might be that the startup scripts 
are not accessible for the user that logs in.

Hope this helps, good luck

University of Kaiserslautern, Institute of Environmental Engineering,
Kaiserslautern (ZIP 67663), Germany
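
The last method in the message above (keep the new server's secrets.tdb elsewhere, then replace it with the old server's copy), sketched as an added example that is not part of the original post. The function name, its arguments and the backup file name are assumptions; Samba is assumed to be stopped before the call and started again afterwards.

```shell
#!/bin/sh
# Added example (not from the original message).
# Assumptions: the caller supplies all paths, and smbd/nmbd are already stopped.
# Example call with placeholder paths:
#   swap_secrets /path/from-old-server/secrets.tdb /path/on-new-server/secrets.tdb /path/backup-dir

# swap_secrets OLD_TDB NEW_TDB BACKUP_DIR
# Returns 0 on success; on any failure NEW_TDB is left untouched.
swap_secrets() {
    old_tdb=$1; new_tdb=$2; backup_dir=$3

    [ -f "$old_tdb" ] || { echo "missing source: $old_tdb" >&2; return 1; }
    [ -s "$old_tdb" ] || { echo "source is empty: $old_tdb" >&2; return 1; }
    [ -d "$backup_dir" ] || { echo "missing backup dir: $backup_dir" >&2; return 1; }

    # Keep the new server's current file in another directory first.
    if [ -f "$new_tdb" ]; then
        cp -p "$new_tdb" "$backup_dir/secrets.tdb.new-server" || return 1
    fi

    # Stage the copy next to the target so the final mv is a plain rename.
    # secrets.tdb holds the domain's secrets, so the copy is created and
    # kept readable by its owner only.
    staged="$new_tdb.staged.$$"
    ( umask 077; cp "$old_tdb" "$staged" ) || { rm -f "$staged"; return 1; }
    chmod 600 "$staged" || { rm -f "$staged"; return 1; }

    # Verify the staged copy byte for byte before it replaces anything.
    cmp -s "$old_tdb" "$staged" || {
        rm -f "$staged"
        echo "copy does not match source" >&2
        return 1
    }

    mv -f "$staged" "$new_tdb"
}
```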
