[Samba] Win2K Machine Accounts No Longer Valid after Samba PD C Upgrade (2.2.2 to 2.2.8a)

Chris McKeever cgmckeever at prupref.com
Thu Jun 19 00:19:12 GMT 2003

> -----Original Message-----
> From: Geoff Stitt [mailto:grstitt at somanetworks.com]
> Sent: Wednesday, June 18, 2003 10:34 AM
> To: samba at lists.samba.org
> Subject: [Samba] Win2K Machine Accounts No Longer Valid after 
> Samba PDC
> Upgrade (2.2.2 to 2.2.8a)
> My apolgies in posting this again. However I was hoping someone
> had a suggestion...
> Symptom:   After upgrading our Primary Domain Controller
>            from Samba 2.2.2 to Samba 2.2.8a, users attempting 
>            to login from Windows 2000 clients are no longer 
>            able to do so. 
> Details:   After some research it was discovered that if a Windows
>            2000 client re-joins the domain served by the upgraded
>            version of Samba, users are then able to, once again,
>            log into this domain.
>            It was also discovered that if the Samba PDC was downgraded
>            to its original version of 2.2.2, any windows 2000 client
>            that re-joined the domain while the Samba PDC was at  
>            version 2.2.8a, was still able to log into the domain.
>            As additional information, both versions of the Samba
>            PDC were compiled on SPARC architecture running Solaris 8.0
> As the above comments suggest, machine accounts are 
> backward-compatible,
> but *not* forward-compatible between Samba versions 2.2.2 and 2.2.8a.
> After researching the Samba mailing lists and newsgroups it is more
> or less understood that in order to deal with problems of this nature
> each windows 2000 machine account needs to be recreated. Which is
> a very time-consuming effort.
> Is there a better way to deal with this upgrade path?
> Ideally where I don't have to visit each windows 2000 machine in order
> to re-create their machine accounts?  A migration utility or set of
> server-side steps perhaps? 
> ...geoff

I cant comment on the compatibility issues, but you could make an account
that will allow the addition of the machines to the domain and then set the
add user script to do the rest.  Granted you will have to ask your users to
do some work, but it is better than schleping all over.

Another suggestion would be fo r future to put a remote viewer app on your
clients (tightvnc.com) that will allow you to do it all remotely.

> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list