[Samba] RH9 to RH Enterprise: PDC migration from one operating
system to another
Jose Luis Viñas
vinas_jlu at gva.es
Tue Aug 24 18:38:30 GMT 2004
I had to migrate to Red Hat Enterprise Linux ES 3.0. Actually, what I had to
do is a complete OS install, NOT an upgrade.
What this means is that I had to reinstall Samba and configure it.
I'm using Samba 3.0.4-6.3E (a Red Hat RPM) with smbpasswd as the password backend.
My purpose was for it to be seamless to the end users, without changes on the users' PCs. I will be using the same
physical server, but in effect it will be a new server, new OS, new
version of Samba.
I backed up the server configuration:
Files:
/etc/passwd
/etc/shadow
/etc/group
/etc/gshadow
Directories:
/etc/samba
/usr/lib/samba
/home/samba
/var/spool/samba
And I copied them to the "new server (the same machine, domain and NetBIOS name)", EXCEPT the secrets.tdb file.
The new PDC appears to be working: users and machines can log into the network and reach the resources.
But:
-Clients with roaming profiles are unable to get hold of their profiles and use a local copy.
-Windows NT servers (members of the domain) are out of the domain. I have to join them again.
-Network resources from Windows machines have lost the domain users' permissions. Domain users have lost their SID and I have to set the user permissions again.
-W2000 clients don't execute the logon script.
-The web-based application "changepassword" doesn't work properly: users can change their password but then they can't log on.
They have to change to their old password to enter the domain.
-System registry entries (10-25 per second) like this:
Aug 12 08:39:07 iveserver smbd[18986]: [2004/08/12 08:39:07, 0] smbd/service.c:make_connection_snum(535)
Aug 12 08:39:07 iveserver smbd[18986]: Can't become connected user!
I know that most of this is because the domain's SID has changed.
If I copy the old secrets.tdb, I suppose that I get the old domain's SID:
-The network resources from Windows machines recover the old domain users' permissions.
-When I take a PC from the original domain, connect it to the test network and reboot the machine, I get an error stating that it can't find the domain, even though the machine has a Linux account and a Samba account (both copied from the old domain).
-I can't log into the domain from PCs with any domain user account; I can do it only with the user accounts that are defined on the PC.
I'd be thankful for any ideas. This is a production server.