[Samba] Migrating from win2k pdc to samba3 + ldap + pam + nss

Alexandru Ionica gremlin at fmi.unibuc.ro
Wed Oct 8 18:00:52 GMT 2003 

So here is the setup now: pam worknig, ldap working, samba working, passwd
sync works great both ways (linux accounts > win accouns; win > lin). I'm
useing another domain name for the new pdc. Today i tried to migtrate all
the accounts from the Win2k PDC and i got into problems. I changed in
smb.conf the domain name to the one of the win PDC , joind my samba intro
the domain and did a    net rpc vampire , text flashed :) , and accounts
were imported. Everything seemd to be ok . I changed the domain name to
the new one, and restarted samba. I tried to login to the domain from a
win 2k workstation previosly joind into the new domain. None of the
imported accouts worked. I read some more docs and tried a

scorpius:~# /usr/local/samba/bin/net groupmap modify ntgroup='Domain
Users' unixgroup=users net:
/build/buildd/openldap2-2.0.23/libraries/liblber/decode.c:500: ber_scanf:
Assertion `(( ber )->ber_opts.lbo_valid==0x2)' failed. Aborted

If i try the same thind with "Domain Admins" -> root it doesn't work at
all and says group not found
scorpius:~# /usr/local/samba/bin/net groupmap modify ntgroup='Domain
Admins' unixgroup=root [2003/10/08 10:43:38, 0]
passdb/pdb_ldap.c:ldapsam_update_group_mapping_entry(1954)
  ldapsam_update_group_mapping_entry: No group to modify!
Could not update group database


scorpius:~# /usr/local/samba/bin/net groupmap list
Users (S-1-5-32-545) -> users
Domain Admins (S-1-5-21-682003330-616249376-1417001333-512) -> Domain
Admins Domain Users (S-1-5-21-682003330-616249376-1417001333-513) ->
Domain Users Domain Guests (S-1-5-21-682003330-616249376-1417001333-514)
-> Domain Guests Administrators (S-1-5-32-544) -> Administrators
Guests (S-1-5-32-546) -> Guests
Account Operators (S-1-5-32-548) -> Account Operators
Server Operators (S-1-5-32-549) -> Server Operators
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicator (S-1-5-32-552) -> Replicator
Domain Computers (S-1-5-21-682003330-616249376-1417001333-515) -> Domain
Computers


So any ideeas, i think i can't use the accounts beacuse of the different sid

I can't add by hand old accounts , beacause i have around 2000 users, so
it is a must to migrate.

Thanks

-- 
Permission to live...DENIED!

More information about the samba mailing list