[Samba] Samba 2.2 -> 3.0.0 upgrade: questions + Internet
Connection Wizard / Identities
McKeever Chris
tech-mail at prupref.com
Fri Nov 7 23:01:32 GMT 2003
On Fri, 7 Nov 2003 10:38 , Jeff Jones <jeferee at hotmail.com> sent:
>> Yes. You should have saved the Domain SID before migration, then restored
>> it on Samba-3 using the net utility. That way your clients would have been
>> quite happy.
>
>
>Ah, ok. Is there a document explaining how to save and restore the SID? I
>saved the contents of /etc/samba before performing the upgrade. Can I still
>extract the SID and restore it into my Samba 3? I still have some client
>boxes I haven't joined to the new domain.
>
>Is there any other way, at this point, to allow my domain users write access
>to their identities / accounts without them being administrators? A way of
>moving forward with my new SID?
if you still have the old /etc/samba/secret.tdb file, you can grab the SID out of
that.
>
>Why isn't Windows allowing the users access to their internet settings /
>identities, even though they're in the new domain and the users' profiles
>have been reloaded from the server? Is there any way to fix it?
>
>Thanks again,
>Jeff
>
>
>----- Original Message -----
>From: "John H Terpstra" jht at samba.org>
>To: "Jeferee" jeferee at hotmail.com>
>Cc: samba at lists.samba.org>
>Sent: Friday, November 07, 2003 1:15 AM
>Subject: Re: [Samba] Samba 2.2 -> 3.0.0 upgrade: questions + Internet
>Connection Wizard / Identities
>
>
>> On Thu, 6 Nov 2003, Jeferee wrote:
>>
>> > Hello,
>> >
>> > I just upgraded from Samba 2.2.7 to Samba 3.0.0 on RedHat 9. I did this
>> > by uninstalling the 2.2.7 samba RPM's and then applying the Samba 3.0.0
>> > RPM from samba.org, then putting my local changes back into smb.conf.
>> > I have also migrated my smb users from smbpasswd to tdbsam with the
>> > pdbedit utility as discussed in the HOWTO.
>> >
>> > It seems I have to rejoin my client boxes (windows 2000 pro) to the
>> > domain in order to log in, and then I have to blow away my local users
>> > on each client machines to allow the roving profiles to be reloaded at
>> > login.
>> >
>> > Also, I have had to add the following to my smb.conf file to use tdbsam
>> > successfully.
>> >
>> > logon home = \\%L\%U
>> > logon path = \\%L\%U\profile
>> >
>> > I had to do this in order to get the correct string to come up in
>> > pdbedit -Lv for the "Home Directory" and "Profile Path" variables (the
>> > defaults cuased %N to show in place of the server name) - when I used
>> > 'smbpasswd' as the backend pdbedit -Lv showed proper values and things
>> > worked OK.
>> >
>> > I also had to mess around a bit with 'net groupmap' modify/list to get
>> > the standard Windows groups to map properly to UNIX groups, as discussed
>> > in the HOWTO. These seemed to work fine under 2.2.7.
>> >
>> > Everything seems to work OK now, except for the following problems.
>> > Can anyone tell me what I did wrong upgrading with respect to the
>> > following 3 issues:
>> >
>> > 1) I have to rejoin each client Windows 2000 box to the domain or logins
>> > fail (says the client is not in the domain) - did the machines' SIDs
>> > change for some reason? Server SID?
>>
>> Yes. You should have saved the Domain SID before migration, then restored
>> it on Samba-3 using the net utility. That way your clients would have been
>> quite happy.
>>
>> >
>> > 2) I have to blow away local roving profiles, then log in to get the
>> > roving profiles to reload from the server - error says the profile for
>> > that user already exists on the server, but has the 'wrong security'.
>> > Loads temp settings. SID problem?
>>
>> Correct. See comment for Q1.
>>
>> >
>> > 3) After rejoining and reloading, regular Domain Users do not have the
>> > ability to change their Internet Connection Settings - The "Internet
>> > Connection Wizard" icon recreates at each login, and when the user tries
>> > to access it, they get an access denied error. Changes to internet
>> > settings from IE are not recorded, and it complains about 'no
>> > identities'. The users are properly listed in the "Domain Users" group.
>> > If I put the user (or Domain Users) in the Admininistrator group on the
>> > client boxes, he successfully gets his previously set settings (home
>> > page, etc) at login.
>>
>> Yes. Correct.
>>
>> > Thank you, and great job on 3.0!
>>
>> Glad to hear that the documentation was useful. Want to send me any
>> updates for it?
>>
>> Cheers,
>> John T.
>> --
>> John H Terpstra
>> Email: jht at samba.org
>>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: http://lists.samba.org/mailman/listinfo/samba
>
---- Prudential Preferred Properties www.prupref.com
More information about the samba
mailing list