[Samba] Profile migration again

Thu Jan 16 16:05:01 GMT 2003

On Thu, 16 Jan 2003, Gabriel D. Preston wrote:

> John,
>
> I tried following your instructions but ran into a problem since the
> profiles are already domain profiles, but stored locally.  The Win2K
> workstations currently belong to another domain (AAA).  When I try and
> copy these local profiles over, I don't have access to the new domain
> (BBB) when I am trying  to change the "Permitted to use".  So I tried
> moving the computer over to the new domain (BBB) and then copying the
> profiles over.  But then when I clicked on "User Profiles" all of the
> accounts were listed as "Account deleted".  Do you have possibly another
> set of instructions that I could follow for this kind of scenario?

If they are already domain user profiles then the samba-3.0.0 'profiles'
tool should report the SID's in NTUser.DAT and should allow you to change
them.

If not, package up a users' profile in a compressed tar file and send it
to me. I could provide an upload point for you if it is too large to
email. One of us will have a look at it.

- John T.

>
> -Gabe
>
> John H Terpstra wrote:
>
> >On Wed, 15 Jan 2003, Gabriel D. Preston wrote:
> >
> >
> >
> >>Using the -v flag gave me the same exact output from the ntuser.dat
> >>file.  This is becoming a rather frustrating problem to deal with, I'm
> >>sorry to have to continually keep bringing this up today.  Here is the
> >>output from the file using the -v option, and without using the -v option:
> >>
> >>root at file bin # ./profiles /home/gpreston/ntuser.dat
> >>Registry file size: 364544
> >>First Key Off: 32, Data Block Size: 360448
> >>Next Off: 0, Prev Off: 4096
> >>Type: 2c
> >>SK Off    : 105374
> >>Incorrect SK Header format: 00008AFC
> >>
> >>root at file bin # ./profiles -v /home/gpreston/ntuser.dat
> >>Registry file size: 364544
> >>First Key Off: 32, Data Block Size: 360448
> >>Next Off: 0, Prev Off: 4096
> >>Type: 2c
> >>SK Off    : 105374
> >>Incorrect SK Header format: 00008AFC
> >>
> >>If I run the profiles command on an ntuser.dat file that was created
> >>from a fresh profile, not one copied from a local profile to the samba
> >>server, I get a response back with all of the information in the file,
> >>including the user's SID.  But any ntuser.dat file that was taken from a
> >>local profile on the Win2K machine gives me the above problem.  It isn't
> >>readable by the profiles command.
> >>
> >>
> >
> >You must first convert the profile from a local profile to a domain
> >profile on the MS Windows workstation as follows:
> >
> >1. Log on as the LOCAL workstation administrator.
> >
> >2. Right click on the 'My Computer' Icon, select 'Properties'
> >
> >3. Click on the 'User Profiles' tab
> >
> >4. Select the profile you wish to convert (click on it once)
> >
> >5. Click on the button 'Copy To'
> >
> >6. In the "Permitted to use" box, click on the 'Change' button.
> >
> >7. Click on the 'Look in" area that lists the machine name, when you click
> >here it will open up a selection box. Click on the domain to which the
> >profile must be accessible.
> >
> >Note: You will need to log on if a logon box opens up. Eg: In the connect
> >as: MIDEARTH\root, password: mypassword.
> >
> >8. To make the profile capable of being used by anyone select 'Everyone'
> >
> >9. Click OK. The Selection box will close.
> >
> >10. Now click on the 'Ok' button to create the profile in the path you
> >nominated.
> >
> >Done. You now have a profile that can be editted using the samba-3.0.0
> >profiles tool.
> >
> >PS: To create a mandatory profile, just find the file NTUser.DAT and
> >rename it to NTUser.MAN. Of course, only do this AFTER editting the SIDs,
> >etc.
> >
> >- John T.
> >
> >
> >
> >>-Gabe
> >>
> >>John H Terpstra wrote:
> >>
> >>
> >>
> >>>On Wed, 15 Jan 2003, Gabriel D. Preston wrote:
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>>I downloaded the Samba 3.0alpha22cvs version today because I am having
> >>>>the same problem.  I did the ./configure, and the make, and found the
> >>>>'profiles' utility in the bin directory.  I then ran it against an
> >>>>ntuser.dat file that had been copied over to the Unix server from the
> >>>>Win2K machine.  This is the output I received:
> >>>>
> >>>>root at file bin # ./profiles /home/gpreston/ntuser.dat
> >>>>Registry file size: 364544
> >>>>First Key Off: 32, Data Block Size: 360448
> >>>>Next Off: 0, Prev Off: 4096
> >>>>Type: 2c
> >>>>SK Off    : 105374
> >>>>Incorrect SK Header format: 00008AFC
> >>>>
> >>>>Apparently something is wrong because it can't get a SID from the
> >>>>profilefile, so now I am unsure how to go about changing it to the new
> >>>>one.  Also, how do I determine a user's new SID on the new system?  I
> >>>>know their UID, this is in the smbusers and /etc/passwd file, but am
> >>>>unsure on how I determine their SID.  Any more help on the matter?
> >>>>
> >>>>
> >>>>
> >>>>
> >>>Usage: profiles -c 'old-sid' -n 'new-sid' profile_path_and_name
> >>>
> >>>You can add the -v (verbose) option too.
> >>>
> >>>
> >>>What is the output of just using -v on this file?
> >>>
> >>>
> >>>- John T.
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>>-Gabe Preston
> >>>>
> >>>>
> >>>>John H Terpstra wrote:
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>On Wed, 15 Jan 2003, Erwin Zierler wrote:
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>>John H Terpstra jht at samba.org writes:
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>>You see the NTUser.DAT file is keyed to the user's SID and the Domain SID
> >>>>>>>of the NT4 environment in which they were created. You need to either use
> >>>>>>>the NT4 procedure as documented in the resource kit for migrating the
> >>>>>>>profile, something that Microsoft only supports within the one domain
> >>>>>>>anyhow, or else use the profile editting tool that Richard Sharpe has
> >>>>>>>provided and that is part of samba-3.0.0 that will appear in the next
> >>>>>>>alpha. Meanwhile you could download the source from the CVS tree and
> >>>>>>>compile it yourself. It is called profiles.c. It would be best to build
> >>>>>>>samba-3.0.0 from the CVS tree as this tool is build automatically when you
> >>>>>>>do it this way.
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>I just compiled the latest snapshot but I can't figure out which program
> >>>>>>is the one that I would want to use for editing profiles.
> >>>>>>In source/profile/ I see profile.c and after the build I get only an object
> >>>>>>file (profile.o) - so tried to grep all documents and sourcefiles for
> >>>>>>something that gives me more info - but no luck.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>Did you download the samba-3.0.0 CVS Code?
> >>>>>
> >>>>>If so, you will find the executable (once you have done the 'make
> >>>>>bin/profiles') in ~samba/source/utils. It will be called 'profiles' and
> >>>>>will have been built from the profiles.c in that directory.
> >>>>>
> >>>>>You will need to look at the documentation inside the profiles.c file
> >>>>>until we can get man pages into the code tree.
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>>I must have missed it I guess, doesn't help that it's 5am either :-(
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>I guess I could have been clearer with my advice. :(
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>>Anyway, migrating 20 w2k workstations from an old NT 4.0 server to
> >>>>>>samba 2.2.7a has cost me like 24 hours altogether now. I dont even
> >>>>>>need the PDC functionality, I just dont want to reinstall all those
> >>>>>>applications and settings on all those client machines ;-)
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>And I am sure you would like both legs amputated without anaesthetic!
> >>>>>Right? :(
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>>I wonder if I really have to buy the MS Resource Kit to get the info that
> >>>>>>is needed to successfully migrate those silly profiles. I figured what
> >>>>>>I am trying to do is something that other samba admins have faced before?!
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>No, it is too late for you to benefit from the resource kit if you have
> >>>>>already changed to the samba server.
> >>>>>
> >>>>>No, you are NOT the first to have to deal with profile migration issues,
> >>>>>that's why there is a migration tool now.
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>>Has anyone on this list done it? If yes, I'd really appreciate if you can
> >>>>>>drop me a line.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>If you really need a phone call email me your phone number to
> >>>>><jht at samba.org> I'll call you to help.
> >>>>>
> >>>>>- John T.
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>
> >>
> >>
> >>
> >
> >
> >
>
>
>

-- 
John H Terpstra
Email: jht at samba.org