[Samba] Migrating from 2.2.8a to 3.02a

root emruivo at spel-parques.pt
Wed Aug 18 20:46:12 GMT 2004 

Hi,

I've been going nuts for the last couple of days with the issue of migrating 
from MDK 9.1/Samba 2.2.8a to MDK 10.0/Samba 3.02a.

The backend is LDAP.

Going through the documentation it seemed like everything would be sort of 
simple:

Install new machine, setup smb.conf as BDC, rsync every share (including 
homes, netlogon and profiles) across, set ldap admin password in 
secrests.tdb, inject correct domain SID, dump current PDC LDAP tree to ldif, 
import ldif into BDC, join BDC to domain and fire up samba.

Everything described worked out more or less as expected.

The problem was that any attempt to log on to a share gave an 
NT_STATUS_LOGON_FAILURE error.

Cranking up the log didn't help me much, the only part that was strange was 
information that the NT and LM passwords didn't exist. Well I was looking at 
them on another window...??!!

At some point I changed the password on one of the accounts with 
smbldap-passwd (same password I knew was there before) and now smbclient 
worked fine. After checking the code for smbldap-passwd I saw that from the 
old server to the new one there were some changes in the commands used to 
chenge the password for the posixaccount. I thought damn, i'm dead i'm going 
to have to change everybody's password to something new and tell them to 
change back to whatever they want later... (just imagine the comments, "these 
guys from IT love to complicate things for no resason...").

Well finally after chasing down every link I could find on google and drwing a 
blank I noticed that the account I had changed the password on had a value in 
the SambaPwdLastSet attribute that was diferent from 0.

Every account imported from the ldif file had this as 0. I checked on the old 
server and the corresponding attribute pwdLastSet was 0 also.

Anyway I decided to just copy the new value to one of the other accounts and, 
presto smbclient working as expected..!

Since on the old server there is no problem I would like to ask if this new 
behaviour is intended or a quirk in Samba (at least in MDK 3.02.a)?

If the behaviour is intended it would be nice to find a reference to this in 
the migration chapters in the docs so others know about it and the kind 
people who provide us with scripts to migrate can integrate this aspect.

Sorry for the long text but I needed a stress break...

Regards,
Eugenio Ruivo

More information about the samba mailing list