[Samba] Samba 2.2 -> 3.0.0 upgrade: questions + Internet Connection Wizard / Identities

Jeferee jeferee at hotmail.com
Fri Nov 7 07:30:21 GMT 2003 

Hello,

I just upgraded from Samba 2.2.7 to Samba 3.0.0 on RedHat 9.  I did this by uninstalling the 2.2.7 samba RPM's and then applying the Samba 3.0.0 RPM from samba.org, then putting my local changes back into smb.conf.  I have also migrated my smb users from smbpasswd to tdbsam with the pdbedit utility as discussed in the HOWTO.

It seems I have to rejoin my client boxes (windows 2000 pro) to the domain in order to log in, and then I have to blow away my local users on each client machines to allow the roving profiles to be reloaded at login.

Also, I have had to add the following to my smb.conf file to use tdbsam successfully.

logon home = \\%L\%U
logon path = \\%L\%U\profile

I had to do this in order to get the correct string to come up in pdbedit -Lv for the "Home Directory" and "Profile Path" variables (the defaults cuased %N to show in place of the server name) - when I used 'smbpasswd' as the backend pdbedit -Lv showed proper values and things worked OK.

I also had to mess around a bit with 'net groupmap' modify/list to get the standard Windows groups to map properly to UNIX groups, as discussed in the HOWTO.  These seemed to work fine under 2.2.7.

Everything seems to work OK now, except for the following problems.  Can anyone tell me what I did wrong upgrading with respect to the following 3 issues:

1) I have to rejoin each client Windows 2000 box to the domain or logins fail (says the client is not in the domain) - did the machines' SIDs change for some reason?  Server SID?

2) I have to blow away local roving profiles, then log in to get the roving profiles to reload from the server - error says the profile for that user already exists on the server, but has the 'wrong security'.  Loads temp settings.  SID problem?

3) After rejoining and reloading, regular Domain Users do not have the ability to change their Internet Connection Settings - The "Internet Connection Wizard" icon recreates at each login, and when the user tries to access it, they get an access denied error.  Changes to internet settings from IE are not recorded, and it complains about 'no identities'.  The users are properly listed in the "Domain Users" group.  If I put the user (or Domain Users) in the Admininistrator group on the client boxes, he successfully gets his previously set settings (home page, etc) at login.

Thank you, and great job on 3.0!
Jeff Jones

More information about the samba mailing list