[Samba] Samba 2.2 -> 3.0.0 upgrade: questions + Internet Connection Wizard / Identities

John H Terpstra jht at samba.org
Fri Nov 7 09:15:11 GMT 2003 

On Thu, 6 Nov 2003, Jeferee wrote:

> Hello,
>
> I just upgraded from Samba 2.2.7 to Samba 3.0.0 on RedHat 9.  I did this
> by uninstalling the 2.2.7 samba RPM's and then applying the Samba 3.0.0
> RPM from samba.org, then putting my local changes back into smb.conf.
> I have also migrated my smb users from smbpasswd to tdbsam with the
> pdbedit utility as discussed in the HOWTO.
>
> It seems I have to rejoin my client boxes (windows 2000 pro) to the
> domain in order to log in, and then I have to blow away my local users
> on each client machines to allow the roving profiles to be reloaded at
> login.
>
> Also, I have had to add the following to my smb.conf file to use tdbsam
> successfully.
>
> logon home = \\%L\%U
> logon path = \\%L\%U\profile
>
> I had to do this in order to get the correct string to come up in
> pdbedit -Lv for the "Home Directory" and "Profile Path" variables (the
> defaults cuased %N to show in place of the server name) - when I used
> 'smbpasswd' as the backend pdbedit -Lv showed proper values and things
> worked OK.
>
> I also had to mess around a bit with 'net groupmap' modify/list to get
> the standard Windows groups to map properly to UNIX groups, as discussed
> in the HOWTO.  These seemed to work fine under 2.2.7.
>
> Everything seems to work OK now, except for the following problems.
> Can anyone tell me what I did wrong upgrading with respect to the
> following 3 issues:
>
> 1) I have to rejoin each client Windows 2000 box to the domain or logins
> fail (says the client is not in the domain) - did the machines' SIDs
> change for some reason?  Server SID?

Yes. You should have saved the Domain SID before migration, then restored
it on Samba-3 using the net utility. That way your clients would have been
quite happy.

>
> 2) I have to blow away local roving profiles, then log in to get the
> roving profiles to reload from the server - error says the profile for
> that user already exists on the server, but has the 'wrong security'.
> Loads temp settings.  SID problem?

Correct. See comment for Q1.

>
> 3) After rejoining and reloading, regular Domain Users do not have the
> ability to change their Internet Connection Settings - The "Internet
> Connection Wizard" icon recreates at each login, and when the user tries
> to access it, they get an access denied error.  Changes to internet
> settings from IE are not recorded, and it complains about 'no
> identities'.  The users are properly listed in the "Domain Users" group.
> If I put the user (or Domain Users) in the Admininistrator group on the
> client boxes, he successfully gets his previously set settings (home
> page, etc) at login.

Yes. Correct.

> Thank you, and great job on 3.0!

Glad to hear that the documentation was useful. Want to send me any
updates for it?

Cheers,
John T.
-- 
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list