[Samba] Trouble replicating samba
geza at kzsdabas.sulinet.hu
Mon Mar 15 21:12:55 GMT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Borja Pacheco írta:
| Dear all,
| I'm experencing a big trouble with samba and an instalation we had at my
| enterprise's intranet. This intranet is based on a Samba server v2 wich
| acts as Primary Domain Controller, wins server and file server. All
| these features works great nowadays.
| Our issue, is with a newest server that we are interested to replace the
| previous samba server in order to improve the performance and
| realibility to our users. For this reasen we have installed the samba
| daemon in this machine (keeping samba version, but minor version
| numbers) and we have copied everything from one server to the other, I
| mean, smb.conf, lmhost, smbpasswd, etc, and we have updated the smb.conf
| to change the IP address and netlogon name. Of course, we have updated
| the system's groups and users, and syncronize data.
| When we startup the service on the newest one (after shutting down in
| the other), we noticed that samba becomes domain master, master browser
| and that we can access files through smbclient. The trouble is with the
| MS Windows clients, which can't register in the domain anymore, Windows
| tell us that the machine account doesn't exist or the password is wrong.
| These accounts were created with smbpasswd -a -m, so they exists. So it
| seems to, that the autonegociated password is failing.
| Does anybody knows why is it failing? Is it related with the SIDs? What
| are these SIDs? Could you suggest me a solution?
Depending on your Samba version:
You should start your old Samba instalation, then on your new machine as
root you should do smbpasswd -S (Terebly sorry I'm not 100% about the -S
switch, I used last time 2.2.x long time ago, about a year, so please
read its manpage first)
Start your old Samba installation. Run net getlocalsid. Note the string
(S-...) obtained. Shut it down. Start up the new Samba installation, and
run net setlocalsid the_previously_noted string
After doing that you will need to rejoin thoose machines, which were
rejoined :-( .
Setting the correct SID is vital in the Windows world, since Windows
operating systems identify all security objects: domains, users, groups,
and computers, by their SID.
| PD. we tried to remove a Windows client from the domain, and latter,
| register it again. And it seems to work, but we have to waste lots of
| time on every client, and we have more or less 300...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba