[Samba] Machine accounts, Samba 3, NT Domain migration

Andrew Bartlett abartlet at samba.org
Sat Mar 20 11:33:14 GMT 2004


On Sat, 2004-03-20 at 20:02, Beast wrote:
> * "M Saqib Ilyas" <msaqib at ieee.org> wrote:
> 
> > Greetings everyone
> > I finally succeeded in doing the seemingly most difficult thing, "following directions." I got my act together configuring the smb.conf and migrating using net rpc vampire into tdbsam. There are issues with this migration in which computer netbios names which are obviously all uppercase were not being created in /etc/passwd. I put my C cap on and converted the computer names to lowercase before handing them over to the add machine script. When I join a machine to the domain, it works beautifully, but there is a problem with the migrated machine accounts. No machine can log on because its account is not valid on the samba DC. The way I structured my add machine shell script is this:
> > 
> > #!/bin/sh
> > str=`/etc/samba/convert $1`
> > useradd -d /dev/null -g machines -s /bin/false -M $str
> > passwd -l $str
> > compname=`echo $str | cut -f1 -d$`
> > smbpasswd -a -m -n $compname

This looks really suspect, if that was intended to be an 'add
user/machine script'.  Samba sets the password into tdbsam, the 'add
user/machine script' should deal with the posix side only.

> > 
> > I must be doing something unnecessary here for the migrated machine accounts not to work. Can someone throw some light on this? I am sorry if this has already been answered. It must have, but I couldn't find it using any searches that my limited intellect could come up with on the list archives. Appreciate your time.
> > Saqib Ilyas
> 
> 
> Well, congratulations.
> Most likely you need to rejoin all of your clients before running rpc vampire.
> 
> After this step is complete, you can then log in from client to samba domain without rejoining again.

You should *never* have to rejoin clients.  Ever.  That is the point of
a vampired system.  If there are situations where you do have to rejoin
machines, then this is either a bug, or administrator error (such as not
having valid machine accounts in /etc/passwd or equiv).

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
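
A POSIX-only 'add machine script' along the lines described in the reply above, as an added example that is not part of the original message and is not Samba's own code. The script path in the comment and the function names are assumptions; the 'machines' group and the useradd flags are taken from the script quoted in the thread.

```shell
#!/bin/sh
# Added example: creates only the POSIX account for a machine.
# Assumed smb.conf line (path is hypothetical):
#   add machine script = /usr/local/sbin/add-machine.sh %u

# Print the normalised POSIX account name for a machine, or return 1.
posix_machine_name() {
    # Lowercase, since the thread reports uppercase names not being created.
    name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    # Machine accounts end in '$'; add it if the caller left it off.
    case "$name" in
        *'$') ;;
        *) name="${name}\$" ;;
    esac
    base=${name%?}
    # NetBIOS names are 1 to 15 characters long.
    [ -n "$base" ] && [ "${#base}" -le 15 ] || return 1
    # Reject a leading '-' (would be read as an option by useradd) and
    # anything outside a conservative character set.
    case "$base" in
        -*|*[!a-z0-9_-]*) return 1 ;;
    esac
    printf '%s\n' "$name"
}

# Create the POSIX account if it does not exist yet.
add_machine() {
    acct=$(posix_machine_name "$1") || {
        echo "add-machine: invalid machine name" >&2
        return 1
    }
    # Already present: nothing to do, so re-running is harmless.
    getent passwd "$acct" >/dev/null 2>&1 && return 0
    useradd -d /dev/null -g machines -s /bin/false -M "$acct"
    # No smbpasswd call: Samba sets the machine password in tdbsam itself.
}

# Only act when called with a machine name, as Samba does.
if [ -n "${1:-}" ]; then
    add_machine "$1"
fi
```
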