[Samba] Migrating NT4 Domain with Idealx tools

Marcel de Riedmatten mdr at dotforge.ch
Fri Nov 12 15:47:52 GMT 2004 

Le mar 09/11/2004 à 17:57, Paul Coray a écrit :
> Hi all
> 
> For several days I've been doing tests for our upcoming migration from 
> an NT domain to Samba PDC with ldapsam. We have ~200 clients, mostly NT4 
> and some Win2k. We want all of our users eventually switch from Windows 
> to KDE on Linux with thin clients through NX :-)
> 
> I managed to net rpc vampire all user and machine accounts into LDAP, 
> but then I realized some problems:
> 
> - The migrated machine accounts have no samba attributes. I can 
> reproduce this behavior adding a machine account doing smbldap-useradd 
> -w [machinename], just as in the 'add machine script' line in smb.conf 
> suggested by Idealx. The machine account  machinename$ will exist then, 
> but without sambaSAMAccount object class nor any other samba attribute. 
> Only after adding these by hand and joning the machine to my samba 
> domain, users can login. I tried also using smbldap-useradd with 
> multiple options, -w for workstation account and -a for samba 
> attributes, but no luck. I wish I shouldn't add 200 machines to an 
> already existing domain after the migration...

This doesn't seem normal.  The samba attribute should be added by the
vampire. So I would suspect some problem in the communication with the
PDC and double check that on the samba box 

1) you have the domain SID as local SID
2) you have joined the domain as BDC
3) you can see the attribute with net samdump 


> 
> - Users, once logged in to Linux, cannot change their password with 
> smbldap-passwd. They get 'user [username] doesn't exist.' Well, I'm 
> talking about a logged in user...


At distance this is a hard guess. I suggest that you look at the ldap
log to get an idea what happend. 

-- 
Marcel de Riedmatten

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message
	=?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e=2E?=
Url : http://lists.samba.org/archive/samba/attachments/20041112/d6b415e2/attachment.bin

More information about the samba mailing list