[Samba] Can't login to Samba PDC

Craig White craigwhite at azapple.com
Mon Mar 1 17:42:48 GMT 2004


First thing is...please keep this on list

Second thing is...if NT is a PDC, then machine accounts should be
created on that system - You can't simultaneously have a Windows &
Samba PDC/BDC of any combination. How would you be sure which machine is
getting the machine accounts and which machine is handling the
authentication?

Craig

On Mon, 2004-03-01 at 09:48, Scott Gross wrote:
> First thing is first.  I need to be able to join a machine to the domain and
> be able to login to the domain.   This is just to test and make sure the new
> Samba server is working.  This is the problem I'm having and what I'm
> looking for help on.  Not how to migrate my users.  
> 
> > -----Original Message-----
> > From: Craig White [mailto:craigwhite at azapple.com]
> > Sent: Monday, March 01, 2004 8:52 AM
> > To: Scott Gross
> > Cc: samba at lists.samba.org
> > Subject: RE: [Samba] Can't login to Samba PDC
> > 
> > Please keep this on list...
> > 
> > The logical thing to do would be to keep your NT server as the PDC. Set
> > up samba not to be a domain controller at all but as a member server to
> > the domain (join that machine to the domain - using password server =
> > PDC / security = domain and net join ...)
> > 
> > That way, you can create all of the users, join all the machines, set up
> > roaming profiles (on the 'member' server) and get all ready. Then, when
> > you are ready, you can do the net rpc vampire command and suck all of
> > the user accounts/machine accounts/groups into your LDAP.
> > 
> > Craig
> > 
> > On Mon, 2004-03-01 at 09:34, Scott Gross wrote:
> > > I was planning to do each machine manually rather than using scripts to
> > > move the users as I have to change a lot of things on the users PC to keep
> > > them running after I move them to the new domain.  So my intention was to
> > > join the computer to the new domain, add the user to the Samba domain then
> > > configure their PC for the new e-mail system and such.  I have to do about
> > > 100 workstations in many different locations and a slow change over with
> > > no problems is preferable to a faster one where users might experience
> > > problems.
> > >
> > > This having been said I'm still having problems that after I join the
> > > workstation to the new domain I can't login to it.
> > >
> > > > -----Original Message-----
> > > > From: Craig White [mailto:craigwhite at azapple.com]
> > > > Sent: Friday, February 27, 2004 9:33 PM
> > > > To: Scott Gross
> > > > Cc: samba at lists.samba.org
> > > > Subject: RE: [Samba] Can't login to Samba PDC
> > > >
> > > > Let's keep this on list - there are a lot brighter people than I am on
> > > > this stuff...
> > > >
> > > > On Fri, 2004-02-27 at 19:58, Scott Gross wrote:
> > > >
> > > > > 3 - migrate? as in net rpc vampire? - how certain are you that LDAP is
> > > > > working? Does LDAP handle linux login? Are you logging ldap connections
> > > > > etc?
> > > > >
> > > > > migrate as in move from one to the other.  I'm trying to get the Samba
> > > > > server running while we're using NT4 and then I will move my users and
> > > > > workstations to the new domain.  I'm going to move them one machine and
> > > > > user at a time manually.  Yes LDAP handles the linux logins as well and
> > > > > this is working.  I haven't set-up the LDAP to log the logins but this is
> > > > > something I want to do as well.
> > > > ----
> > > > OK - I am trying to understand what you are telling me.
> > > >
> > > > I can't possibly envision a scenario that you can make this work -
> > > > moving one computer and one user over at a time. The computer accounts
> > > > continually change their passwords.
> > > >
> > > > This is what the net rpc vampire command is designed to do, move the
> > > > machine accounts, user accounts and group accounts over to new setup
> > > > while still retaining all the SID structure. It indeed works - I know
> > > > because I did it.
> > > >
> > > > That is not to say that it is without its problems but it is - the
> > > > intended method and I learned a long time ago about the benefit to
> > > > calculate wind direction before I start peeing.
> > > >
> > > > If you really feel as though you have LDAP set up properly - it appears
> > > > that you have a grasp on it since you can run ldapsearch from command
> > > > line (I am shocked at the number of people that think they have LDAP
> > > > running and can't query LDAP), then you really should just slapcat your
> > > > current setup, dump it, slapadd the stuff you need into LDAP and use the
> > > > net rpc vampire and suck it all in. You should have no problem getting
> > > > it to simultaneously add the posixAccount & sambaSamAccount properties -
> > > > the only things that you may have to reconcile are 1 - existing accounts
> > > > in posixland that you want to be both posix & samba (perhaps you have
> > > > overlap and different passwords/uid's) and 2 - It's hard to pull the
> > > > plug on the existing NT 4 server because it probably has file & print
> > > > shares that you wanna keep around...try shutting off the netlogon
> > > > service AFTER - you change the settings in smb.conf to make it PDC like
> > > > and restarting smbd/nmbd. It will still be mostly functional
> > > >
> > > > Craig
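
Added example, not part of the original thread and not Samba's own code: a small Python check that reads the [global] section of an smb.conf and reports whether the server would act as a domain controller (which the reply above says cannot coexist with the NT PDC) or as the member server recommended earlier in the thread. The role rules are a simplified assumption based on the `security`, `domain logons` and `domain master` parameters; the function names and the sample values `EXAMPLEDOM` and `NT4PDC` are constructed for illustration.

```python
# Added example: classify the role an smb.conf [global] section gives a Samba 3 server.
# The role rules below are a simplified assumption, not Samba's own logic verbatim.

MEMBER_CONF = """
[global]
   workgroup = EXAMPLEDOM      ; constructed sample values
   security = domain
   password server = NT4PDC
"""
PDC_CONF = """
[global]
   workgroup = EXAMPLEDOM
   security = user
   Domain Logons = yes
   domain master = yes
"""

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop ';' comments
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf ignores case and whitespace inside parameter names
            params["".join(key.lower().split())] = value.strip()
    return params

def server_role(params):
    security = params.get("security", "user").lower()
    logons = params.get("domainlogons", "no").lower() in ("yes", "true", "1")
    if security in ("domain", "ads"):
        return "BDC" if logons else "member server"
    if logons:
        # "domain master" defaults to auto, which a logon server treats as PDC
        master = params.get("domainmaster", "auto").lower()
        return "BDC" if master in ("no", "false", "0") else "PDC"
    return "standalone"

def conflicts_with_nt_pdc(text):
    """True when this config would make Samba a DC beside the existing NT PDC."""
    return server_role(parse_global(text)) in ("PDC", "BDC")

if __name__ == "__main__":
    for name, conf in (("member", MEMBER_CONF), ("pdc", PDC_CONF)):
        print(name, server_role(parse_global(conf)), conflicts_with_nt_pdc(conf))
```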
