[Samba] Migrating from 2.2.8a to 3.02a

John H Terpstra samba at primastasys.com
Thu Aug 19 03:43:09 GMT 2004 

Hi,

Suggest you consider:

   pdbedit --force-initialized-passwords

to solve this problem. It is a documented work-around for this problem
if I understand correctly what you have reported.

- John T.
---
John H Terpstra
Samba-Team
email: jht at samba.org


> -------- Original Message --------
> Subject: [Samba] Migrating from 2.2.8a to 3.02a
> From: "root" <emruivo at spel-parques.pt>
> Date: Wed, August 18, 2004 1:46 pm
> To: samba at lists.samba.org
> 
> Hi,
> 
> I've been going nuts for the last couple of days with the issue of migrating 
> from MDK 9.1/Samba 2.2.8a to MDK 10.0/Samba 3.02a.
> 
> The backend is LDAP.
> 
> Going through the documentation it seemed like everything would be sort of 
> simple:
> 
> Install new machine, setup smb.conf as BDC, rsync every share (including 
> homes, netlogon and profiles) across, set ldap admin password in 
> secrests.tdb, inject correct domain SID, dump current PDC LDAP tree to ldif, 
> import ldif into BDC, join BDC to domain and fire up samba.
> 
> Everything described worked out more or less as expected.
> 
> The problem was that any attempt to log on to a share gave an 
> NT_STATUS_LOGON_FAILURE error.
> 
> Cranking up the log didn't help me much, the only part that was strange was 
> information that the NT and LM passwords didn't exist. Well I was looking at 
> them on another window...??!!
> 
> At some point I changed the password on one of the accounts with 
> smbldap-passwd (same password I knew was there before) and now smbclient 
> worked fine. After checking the code for smbldap-passwd I saw that from the 
> old server to the new one there were some changes in the commands used to 
> chenge the password for the posixaccount. I thought damn, i'm dead i'm going 
> to have to change everybody's password to something new and tell them to 
> change back to whatever they want later... (just imagine the comments, "these 
> guys from IT love to complicate things for no resason...").
> 
> Well finally after chasing down every link I could find on google and drwing a 
> blank I noticed that the account I had changed the password on had a value in 
> the SambaPwdLastSet attribute that was diferent from 0.
> 
> Every account imported from the ldif file had this as 0. I checked on the old 
> server and the corresponding attribute pwdLastSet was 0 also.
> 
> Anyway I decided to just copy the new value to one of the other accounts and, 
> presto smbclient working as expected..!
> 
> Since on the old server there is no problem I would like to ask if this new 
> behaviour is intended or a quirk in Samba (at least in MDK 3.02.a)?
> 
> If the behaviour is intended it would be nice to find a reference to this in 
> the migration chapters in the docs so others know about it and the kind 
> people who provide us with scripts to migrate can integrate this aspect.
> 
> Sorry for the long text but I needed a stress break...
> 
> Regards,
> Eugenio Ruivo
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list