[Samba] Machine accounts by migrating from smbpasswd to ldapsam
Tomas Lohr
lohr at moser-glass.com
Mon Nov 1 11:15:51 GMT 2004
Hi all,
I'm wondering what to do about machine accounts (WinXP) when migrating from
Samba 2.2.8 with the authentication backend /etc/smbpasswd to Samba 3.0.4
with ldapsam.
Is it possible just to take the NT hash from smbpasswd and paste it into
the LDAP record as sambaNTPassword?
I'm not able to log in from machine vs3 to the new domain. My
configuration files and log files follow. The Samba SID is the same
on the old server and on the new server.
How can I transport machine accounts from the old backend to the new
one without reconnecting the machines to the new domain? Do you know where
the problem is?
Thanks for your help
Tomas Lohr
The record from /etc/smbpasswd looks like:
vs3$:501:F74786067472.....3E527018D189760:382721F51C7C.....C9C1E9A81B5B145:[W ]:LCT-416E659B:
The specific record from LDAP looks like:
hp3:/ # ldapsearch -x -D "cn=Manager,dc=moser-glass,dc=com" -W -b 'dc=moser-glass,dc=com' 'cn=vs3$'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=moser-glass,dc=com> with scope sub
# filter: cn=vs3$
# requesting: ALL
#
# VS3$, Computers, moser-glass.com
dn: uid=VS3$,ou=Computers,dc=moser-glass,dc=com
gidNumber: 513
homeDirectory: /dev/null
loginShell: /bin/false
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 0
sambaSID: S-1-5-21-1065381148-2072401369-4150041673-3180
sambaPrimaryGroupSID: S-1-5-21-1065381148-2072401369-4150041673-553
uidNumber: 501
sambaAcctFlags: [W ]
cn: vs3$
sn: vs3$
uid: vs3$
description: Computer VS3
sambaNTPassword: 382721F51C7C.....C9C1E9A81B5B145
sambaLMPassword: F74786067472.....3E527018D189760
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
The Samba log /var/log/samba/log.vs3 shows:
[2004/10/29 18:09:47, 2] passdb/pdb_ldap.c:init_sam_from_ldap(483)
init_sam_from_ldap: Entry found for user: vs3$
[2004/10/29 18:09:47, 0] rpc_server/srv_netlog_nt.c:get_md4pw(218)
get_md4pw: Workstation VS3$: no account in domain
[2004/10/29 18:09:47, 2] passdb/pdb_ldap.c:init_sam_from_ldap(483)
init_sam_from_ldap: Entry found for user: vs3$
[2004/10/29 18:09:47, 0] rpc_server/srv_netlog_nt.c:get_md4pw(218)
get_md4pw: Workstation VS3$: no account in domain
[2004/10/29 18:09:58, 2] smbd/server.c:exit_server(568)
Closing connections
The important part of the new /etc/samba/smb.conf:
[global]
server string = hp3
netbios name = HP3
workgroup = MOSERAS
domain master = Yes
preferred master = Yes
domain logons = Yes
dos charset = 852
unix charset = ISO-8859-2
os level = 99
time server = Yes
wins support = yes
name resolve order = wins lmhosts bcast host
max log size = 1000
log file = /var/log/samba/log.%m
log level = 2
syslog = 0
lanman auth = Yes
map acl inherit = Yes
null passwords = No
interfaces = eth0
encrypt passwords = true
winbind use default domain = Yes
passdb backend = ldapsam:ldap://localhost
min password length = 5
ldap admin dn = "cn=Manager,dc=moser-glass,dc=com"
ldap delete dn = No
ldap suffix = dc=moser-glass,dc=com
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap passwd sync = Yes
ldap idmap suffix = ou=Idmap
pam password change = No
idmap gid = 10000-20000
idmap uid = 10000-20000
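
Added example, not part of the original message and not Samba code: a Python check that maps an smbpasswd record of the form shown above to the sambaSamAccount attributes it implies and reports where a hand-built LDAP entry differs. The sample record and entry are constructed (only the LCT value is taken from the post), and the function names are this example's own.

```python
import re

# smbpasswd record: name:uid:LM hash:NT hash:[flags]:LCT-<hex unix time>:
RECORD = re.compile(r"^([^:]+):(\d+):([^:]*):([^:]*):(\[[^\]]*\]):LCT-([0-9A-Fa-f]{8}):")
HASH = re.compile(r"^[0-9A-Fa-f]{32}$")
CASELESS = {"uid", "sambaLMPassword", "sambaNTPassword"}
# Constructed sample data; the hashes are made up, not taken from the post.
LM, NT, FLAGS = "0123456789ABCDEF" * 2, "FEDCBA9876543210" * 2, "[W" + " " * 10 + "]"
SAMPLE_LINE = f"ws1$:501:{LM}:{NT}:{FLAGS}:LCT-416E659B:"
SAMPLE_LDIF = "\n".join([
    "dn: uid=WS1$,ou=Computers,dc=example,dc=com", "uid: ws1$", "uidNumber: 501",
    f"sambaAcctFlags: {FLAGS}", "sambaPwdLastSet: 0",
    f"sambaLMPassword: {LM.lower()}", f"sambaNTPassword: {NT}",
])

def expected_attrs(smbpasswd_line):
    # Map one smbpasswd record to the sambaSamAccount attributes it implies.
    m = RECORD.match(smbpasswd_line.strip())
    if not m:
        raise ValueError("not an smbpasswd record")
    name, uid, lm, nt, flags, lct = m.groups()
    for label, value in (("LM", lm), ("NT", nt)):
        if not HASH.match(value):  # truncated or re-wrapped hash
            raise ValueError(f"{label} hash is not 32 hex digits")
    return {
        "uid": name, "uidNumber": uid, "sambaAcctFlags": flags,
        "sambaLMPassword": lm, "sambaNTPassword": nt,
        "sambaPwdLastSet": str(int(lct, 16)),  # hex in smbpasswd, decimal in LDAP
    }

def parse_ldif(text):
    # Collect "attr: value" lines of one entry (plain values only, no base64).
    attrs = {}
    for line in text.splitlines():
        if line.startswith("#") or ": " not in line:
            continue
        key, value = line.split(": ", 1)
        attrs.setdefault(key, []).append(value)
    return attrs

def mismatches(smbpasswd_line, ldif_text):
    # Return {attr: (expected, found)} for every attribute that differs.
    have, out = parse_ldif(ldif_text), {}
    for attr, want in expected_attrs(smbpasswd_line).items():
        fold = str.upper if attr in CASELESS else str
        found = have.get(attr, [])
        if fold(want) not in [fold(v) for v in found]:
            out[attr] = (want, found)
    return out
```

On the constructed data, `mismatches(SAMPLE_LINE, SAMPLE_LDIF)` reports only sambaPwdLastSet, where the entry holds 0 but the record's LCT field decodes to 1097754011.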