[Samba] Problems after changing operating system and versions

Christoph Witzig christoph.witzig at opit.ch
Fri Jun 27 06:20:51 GMT 2003

Dear all,

we have been using samba as PDC with ldap for over a year without any 
problems. Now we are trying to switch to another operating system
version and another samba version and have big problems with
our windows clients (NT, 2000 and XP). Some have problems logging on
to the domain (error C000019B), others give the net helpmsg 3678 
(problems saving profile) and/or the netlogon script and profile are not 
properly executed. Strangely a few seem to work just fine!

Old version:
SuSE 8.0
samba 2.2.4
openldap 2.0.23

New version:
United Linux with SP 1+2 (and SP2 hotfix)
samba 2.2.5-178
openldap 2.2.14-86

As I could nowhere find more information about how to properly
make such a migration, I naively did the following:

1. profiles and user data are in an external RAID array (and weren't moved)

2. install new operating system on the same host giving it the
same name and ip address.

3. export ldap from old host using slapcat and import it with ldapadd 
(after manually taking into account the modified samba schema between 
openldap 2.0 and 2.2). ldapadd did not report any problems while 
checking the schema so I assume that was done right.

I should add that at the same time the different ldap entries
that used to be all together at the top of the ldap tree
(uid=YYY,dc=samba,dc=org) were put into ou=groups,dc=samba,dc=org, 
ou=people,dc=samba,dc=org and ou=computer,dc=samba,dc=org to have 
them separated while browsing the ldap tree.

In addition the computer account used to have an entry in the 
/etc/passwd and ldap (ldap had only sambaAccount no posixAccount).
I changed this and added a posixAccount into the ldap entry for machines 
and removed all machine entries in the /etc/passwd.
(The users and groups were already entirely in ldap).

I was extra careful not to change any uid's, rid's etc in ldap
between the old and new setup. No passwords were changed (the same ones 
were taken as before).

4. To set up pams and nss I configured the ldap client with yast2
and verified the settings of nsswitch and /etc/security/pam_unix2.conf

5. Then I took the same smb.conf file as before. (domain name and all 
that were not changed).

6. The windows clients were not touched at all. In particular I did
not take them out of the domain and add them again. I would like to
avoid this at any cost because of the time involved. I tried this with
a few machines and joining the domain seemed to work. However that
did not fix the problems with the users logging into the PCs after that.

7. I tested the entire setup with a separate, smaller installation
consisting of three PCs with one being the linux server (same 
software, same ldap info etc as the big server) and two windows PCs
(2000 and NT). For this test setup I had no problems but of course I
had to newly add the machines into the domain during the setup as they
didn't exist in the original ldap setting.

Now my questions:
1. Is the general approach correct or should it be done differently?
2. If 1 is ok, what have I done wrong and forgotten to do?
3. Among other things I read somewhere that the domain sid should also 
be the same, so this could be part of my problem. How can I do this? I 
couldn't figure it out using rpcclient. Is that the only thing that could
be wrong?

Unfortunately with many users using the real system my access
is very limited and I don't have a lot of opportunities to just
keep trying things out!

Many thanks in advance



    Christoph Witzig
    christoph.witzig at opit.ch

    OPIT Solutions AG
    Täfernstr. 11
    CH-5405 Baden-Dättwil

    Tel: +41 56 484-8000 / Fax: +41 56 484-8001 / Web: www.opit.ch
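
An added example, not part of the original post: a check that account attributes are identical in the slapcat export from the old host and a dump of the new tree, keyed by uid so the move into ou=people / ou=computer does not count as a change. The attribute list, function names and sample dumps are assumptions constructed for illustration.

```python
import base64

# Attributes expected to be identical before and after the move (lower-cased).
STABLE = ("uidnumber", "rid", "primarygroupid", "ntpassword", "lmpassword")

def parse_ldif(text):
    """Map uid -> {attr: [values]} for slapcat-style LDIF; the DN is not the key."""
    entries = {}
    for block in text.replace("\n ", "").split("\n\n"):   # unfold, split entries
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):                     # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            attrs.setdefault(name.lower(), []).append(value.strip())
        for uid in attrs.get("uid", []):
            entries[uid] = attrs
    return entries

def compare(old_text, new_text):
    """Return (uid, attr, old, new) for each stable attribute that changed."""
    old, new = parse_ldif(old_text), parse_ldif(new_text)
    problems = []
    for uid, before in sorted(old.items()):
        after = new.get(uid)
        if after is None:
            problems.append((uid, "entry", "present", "missing"))
            continue
        for attr in STABLE:
            # Skip attributes the old dump never held (e.g. machine uidNumber from /etc/passwd).
            if attr in before and sorted(before[attr]) != sorted(after.get(attr, [])):
                problems.append((uid, attr, before[attr], after.get(attr, [])))
    return problems

# Constructed sample dumps (not real data): same accounts, DNs moved into OUs.
OLD = """dn: uid=alice,dc=samba,dc=org
uid: alice
uidNumber: 1001
rid: 3002

dn: uid=pc01$,dc=samba,dc=org
uid: pc01$
rid: 3010
"""
NEW = (OLD.replace(",dc=samba", ",ou=people,dc=samba", 1)
          .replace("pc01$,dc=samba", "pc01$,ou=computer,dc=samba")
          .replace("rid: 3010", "rid: 3012\nuidNumber: 2005"))
```

Calling `compare(OLD, NEW)` on the constructed dumps reports only the machine account whose rid differs; the DN changes and the newly added machine uidNumber are not flagged.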

