[Samba] Can't login to Samba PDC
Craig White
craigwhite at azapple.com
Sat Feb 28 05:33:28 GMT 2004
Let's keep this on list - there are a lot brighter people than I am on
this stuff...
On Fri, 2004-02-27 at 19:58, Scott Gross wrote:
> 3 - migrate? as in net rpc vampire? - how certain are you that LDAP is
> working? Does LDAP handle linux login? Are you logging ldap connections
> etc?
>
> migrate as in move from one to the other. I'm trying to get the Samba
> server running while we're using NT4 and then I will move my users and
> workstations to the new domain. I'm going to move them one machine and user
> at a time manually. Yes LDAP handles the linux logins as well and this is
> working. I haven't set-up the LDAP to log the logins but this is something
> I want to do as well.
----
OK - I am trying to understand what you are telling me.
I can't possibly envision a scenario that you can make this work -
moving one computer and one user over at a time. The computer accounts
continually change their passwords.
This is what the net rpc vampire command is designed to do, move the
machine accounts, user accounts and group accounts over to new setup
while still retaining all the SID structure. It indeed works - I know
because I did it.
That is not to say that it is without it's problems but it is - the
intended method and I learned a long time ago about the benefit to
calculate wind direction before I start peeing.
If you really feel as though you have LDAP set up properly - it appears
that you have a grasp on it since you can run ldapsearch from command
line (I am shocked at the number of people that think they have LDAP
running and can't query LDAP), then you really should just slapcat your
current setup, dump it, slapadd the stuff you need into LDAP and use the
net rpc vampire and suck it all in. You should have no problem getting
it to simultaneously add the posixAccount & sambaSamAccount properties -
the only things that you may have to reconcile are 1 - existing accounts
in posixland that you want to be both posix & samba (perhaps you have
overlap and different passwords/uid's) and 2 - It's hard to pull the
plug on the existing NT 4 server because it probably has file & print
shares that you wanna keep around...try shutting off the netlogon
service AFTER - you change the settings in smb.conf to make it PDC like
and restarting smbd/nmbd. It will still be mostly functional
Craig
More information about the samba
mailing list