[Samba] Samba 2.2 -> 3.0.0 upgrade: questions + Internet Connection Wizard / Identities

Jeff Jones jeferee at hotmail.com
Fri Nov 7 18:38:59 GMT 2003


> Yes. You should have saved the Domain SID before migration, then restored
> it on Samba-3 using the net utility. That way your clients would have been
> quite happy.


Ah, ok.  Is there a document explaining how to save and restore the SID?  I
saved the contents of /etc/samba before performing the upgrade.  Can I still
extract the SID and restore it into my Samba 3?  I still have some client
boxes I haven't joined to the new domain.

Is there any other way, at this point, to allow my domain users write access
to their identities / accounts without them being administrators?  A way of
moving forward with my new SID?

Why isn't Windows allowing the users access to their internet settings /
identities, even though they're in the new domain and the users' profiles
have been reloaded from the server?  Is there any way to fix it?

Thanks again,
Jeff


----- Original Message ----- 
From: "John H Terpstra" <jht at samba.org>
To: "Jeferee" <jeferee at hotmail.com>
Cc: <samba at lists.samba.org>
Sent: Friday, November 07, 2003 1:15 AM
Subject: Re: [Samba] Samba 2.2 -> 3.0.0 upgrade: questions + Internet
Connection Wizard / Identities


> On Thu, 6 Nov 2003, Jeferee wrote:
>
> > Hello,
> >
> > I just upgraded from Samba 2.2.7 to Samba 3.0.0 on RedHat 9.  I did this
> > by uninstalling the 2.2.7 samba RPM's and then applying the Samba 3.0.0
> > RPM from samba.org, then putting my local changes back into smb.conf.
> > I have also migrated my smb users from smbpasswd to tdbsam with the
> > pdbedit utility as discussed in the HOWTO.
> >
> > It seems I have to rejoin my client boxes (windows 2000 pro) to the
> > domain in order to log in, and then I have to blow away my local users
> > on each client machines to allow the roving profiles to be reloaded at
> > login.
> >
> > Also, I have had to add the following to my smb.conf file to use tdbsam
> > successfully.
> >
> > logon home = \\%L\%U
> > logon path = \\%L\%U\profile
> >
> > I had to do this in order to get the correct string to come up in
> > pdbedit -Lv for the "Home Directory" and "Profile Path" variables (the
> > defaults cuased %N to show in place of the server name) - when I used
> > 'smbpasswd' as the backend pdbedit -Lv showed proper values and things
> > worked OK.
> >
> > I also had to mess around a bit with 'net groupmap' modify/list to get
> > the standard Windows groups to map properly to UNIX groups, as discussed
> > in the HOWTO.  These seemed to work fine under 2.2.7.
> >
> > Everything seems to work OK now, except for the following problems.
> > Can anyone tell me what I did wrong upgrading with respect to the
> > following 3 issues:
> >
> > 1) I have to rejoin each client Windows 2000 box to the domain or logins
> > fail (says the client is not in the domain) - did the machines' SIDs
> > change for some reason?  Server SID?
>
> Yes. You should have saved the Domain SID before migration, then restored
> it on Samba-3 using the net utility. That way your clients would have been
> quite happy.
>
> >
> > 2) I have to blow away local roving profiles, then log in to get the
> > roving profiles to reload from the server - error says the profile for
> > that user already exists on the server, but has the 'wrong security'.
> > Loads temp settings.  SID problem?
>
> Correct. See comment for Q1.
>
> >
> > 3) After rejoining and reloading, regular Domain Users do not have the
> > ability to change their Internet Connection Settings - The "Internet
> > Connection Wizard" icon recreates at each login, and when the user tries
> > to access it, they get an access denied error.  Changes to internet
> > settings from IE are not recorded, and it complains about 'no
> > identities'.  The users are properly listed in the "Domain Users" group.
> > If I put the user (or Domain Users) in the Admininistrator group on the
> > client boxes, he successfully gets his previously set settings (home
> > page, etc) at login.
>
> Yes. Correct.
>
> > Thank you, and great job on 3.0!
>
> Glad to hear that the documentation was useful. Want to send me any
> updates for it?
>
> Cheers,
> John T.
> -- 
> John H Terpstra
> Email: jht at samba.org
>



More information about the samba mailing list