[Samba] Can't login to Samba PDC

Craig White craigwhite at azapple.com
Mon Mar 1 18:16:06 GMT 2004


On Mon, 2004-03-01 at 10:42, Scott Gross wrote:
> First thing is what list do you keep talking about?  Am I not supposed to
> be asking about Samba things in this list?
> 
---
The Samba list is the list I am specifically referring to. Every time you
hit the 'reply' button, it replies only to me. If you hit 'reply to all'
it will also reply to the samba list. Every reply I have hit, I have
added the samba at lists.samba.org to the address because you seem to only
want to reply to me. Thus, you would be asking Samba things to the samba
list if you would only include the samba list in your replies.
---
> Second is the domain names are different.  That is how you can tell which
> domain you are logging into.  Why don't you try helping with the problem or
> let someone else if you don't want to.
> 
---
I would be happy to let someone else help you - you have to actually
post to the list instead of just emailing me.

If the domain names are different, then your usage of the term migrate
in your original email was misleading and I'm sorry it took me 4 emails
to get this information out of you.

Evidently, the method you are using to 'join' the domain with the
computer isn't functioning properly. Are you putting the computer
accounts in the 'People' container? Is root a samba member? Do you use
the Win2K/WinXP wizard to join the domain? 

Craig

> 
> > -----Original Message-----
> > From: Craig White [mailto:craigwhite at azapple.com]
> > Sent: Monday, March 01, 2004 9:43 AM
> > To: Scott Gross
> > Cc: samba at lists.samba.org
> > Subject: RE: [Samba] Can't login to Samba PDC
> > 
> > First thing is...please keep this on list
> > 
> > Second thing is...if NT is a PDC, then machine accounts should be
> > created on that system - You can't simultaneously have a Windows &
> > Samba PDC/BDC of any combination. How would you be sure which machine is
> > getting the machine accounts and which machine is handling the
> > authentication?
> > 
> > Craig
> > 
> > On Mon, 2004-03-01 at 09:48, Scott Gross wrote:
> > > First thing is first.  I need to be able to join a machine to the domain and
> > > be able to login to the domain.   This is just to test and make sure the new
> > > Samba server is working.  This is the problem I'm having and what I'm
> > > looking for help on.  Not how to migrate my users.
> > >
> > > > -----Original Message-----
> > > > From: Craig White [mailto:craigwhite at azapple.com]
> > > > Sent: Monday, March 01, 2004 8:52 AM
> > > > To: Scott Gross
> > > > Cc: samba at lists.samba.org
> > > > Subject: RE: [Samba] Can't login to Samba PDC
> > > >
> > > > Please keep this on list...
> > > >
> > > > The logical thing to do would be to keep your NT server as the PDC. Set
> > > > up samba not to be a domain controller at all but as a member server to
> > > > the domain (join that machine to the domain - using password server =
> > > > PDC / security = domain and net join ...)
> > > >
> > > > That way, you can create all of the users, join all the machines, set up
> > > > roaming profiles (on the 'member' server) and get all ready. Then, when
> > > > you are ready, you can do the net rpc vampire command and suck all of
> > > > the user accounts/machine accounts/groups into your LDAP.
> > > >
> > > > Craig
> > > >
> > > > On Mon, 2004-03-01 at 09:34, Scott Gross wrote:
> > > > > I was planning to do each machine manually rather than using scripts to move
> > > > > the users as I have to change a lot of things on the users PC to keep them
> > > > > running after I move them to the new domain.  So my intention was to join
> > > > > the computer to the new domain, add the user to the Samba domain then
> > > > > configure their PC for the new e-mail system and such.  I have to do about
> > > > > 100 workstations in many different locations and a slow change over with no
> > > > > problems is preferable to a faster one where users might experience
> > > > > problems.
> > > > >
> > > > > This having been said I'm still having problems that after I join the
> > > > > workstation to the new domain I can't login to it.
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Craig White [mailto:craigwhite at azapple.com]
> > > > > > Sent: Friday, February 27, 2004 9:33 PM
> > > > > > To: Scott Gross
> > > > > > Cc: samba at lists.samba.org
> > > > > > Subject: RE: [Samba] Can't login to Samba PDC
> > > > > >
> > > > > > Let's keep this on list - there are a lot brighter people than I am on
> > > > > > this stuff...
> > > > > >
> > > > > > On Fri, 2004-02-27 at 19:58, Scott Gross wrote:
> > > > > >
> > > > > > > 3 - migrate? as in net rpc vampire? - how certain are you that LDAP is
> > > > > > > working? Does LDAP handle linux login? Are you logging ldap connections
> > > > > > > etc?
> > > > > > >
> > > > > > > migrate as in move from one to the other.  I'm trying to get the Samba
> > > > > > > server running while we're using NT4 and then I will move my users and
> > > > > > > workstations to the new domain.  I'm going to move them one machine and user
> > > > > > > at a time manually.  Yes LDAP handles the linux logins as well and this is
> > > > > > > working.  I haven't set-up the LDAP to log the logins but this is something
> > > > > > > I want to do as well.
> > > > > > ----
> > > > > > OK - I am trying to understand what you are telling me.
> > > > > >
> > > > > > I can't possibly envision a scenario that you can make this work -
> > > > > > moving one computer and one user over at a time. The computer accounts
> > > > > > continually change their passwords.
> > > > > >
> > > > > > This is what the net rpc vampire command is designed to do, move the
> > > > > > machine accounts, user accounts and group accounts over to new setup
> > > > > > while still retaining all the SID structure. It indeed works - I know
> > > > > > because I did it.
> > > > > >
> > > > > > That is not to say that it is without its problems but it is - the
> > > > > > intended method and I learned a long time ago about the benefit to
> > > > > > calculate wind direction before I start peeing.
> > > > > >
> > > > > > If you really feel as though you have LDAP set up properly - it appears
> > > > > > that you have a grasp on it since you can run ldapsearch from command
> > > > > > line (I am shocked at the number of people that think they have LDAP
> > > > > > running and can't query LDAP), then you really should just slapcat your
> > > > > > current setup, dump it, slapadd the stuff you need into LDAP and use the
> > > > > > net rpc vampire and suck it all in. You should have no problem getting
> > > > > > it to simultaneously add the posixAccount & sambaSamAccount properties -
> > > > > > the only things that you may have to reconcile are 1 - existing accounts
> > > > > > in posixland that you want to be both posix & samba (perhaps you have
> > > > > > overlap and different passwords/uid's) and 2 - It's hard to pull the
> > > > > > plug on the existing NT 4 server because it probably has file & print
> > > > > > shares that you wanna keep around...try shutting off the netlogon
> > > > > > service AFTER - you change the settings in smb.conf to make it PDC like
> > > > > > and restarting smbd/nmbd. It will still be mostly functional
> > > > > > Craig


