[Samba] Migrating NT4 Domain with Idealx tools
Paul Coray
paul.coray at unibas.ch
Sat Nov 13 11:23:30 GMT 2004
Marcel de Riedmatten wrote:
> On Tue 09/11/2004 at 17:57, Paul Coray wrote:
>
>>Hi all
>>
>>For several days I've been doing tests for our upcoming migration from
>>an NT domain to Samba PDC with ldapsam. We have ~200 clients, mostly NT4
>>and some Win2k. We want all of our users to eventually switch from Windows
>>to KDE on Linux with thin clients through NX :-)
>>
>>I managed to net rpc vampire all user and machine accounts into LDAP,
>>but then I realized some problems:
>>
>>- The migrated machine accounts have no samba attributes. I can
>>reproduce this behavior adding a machine account doing smbldap-useradd
>>-w [machinename], just as in the 'add machine script' line in smb.conf
>>suggested by Idealx. The machine account machinename$ will exist then,
>>but without sambaSAMAccount object class nor any other samba attribute.
>>Only after adding these by hand and joining the machine to my samba
>>domain, users can login. I tried also using smbldap-useradd with
>>multiple options, -w for workstation account and -a for samba
>>attributes, but no luck. I wish I shouldn't add 200 machines to an
>>already existing domain after the migration...
>
>
> This doesn't seem normal. The samba attribute should be added by the
> vampire.
But in my case it doesn't... net rpc vampire says 'Couldn't create Posix
information for machinename$'. Well in reality, it did, but without
samba attrs.
Now I realize this works when I configure LDAP and Idealx-Tools to store
machine accounts in the same container as user accounts. Although this
makes my directory look somewhat messy, I can live with it if I have to.
Still I can't add machines doing smbldap-useradd -w, nor when I try to
join the domain from a client.
> So I would suspect some problem in the communication with the
> PDC and double check that on the samba box
>
> 1) you have the domain SID as local SID
Do SIDs for the PDC and for the domain have to be the same?
> 2) you have joined the domain as BDC
> 3) you can see the attribute with net samdump
>
>
>
>>- Users, once logged in to Linux, cannot change their password with
>>smbldap-passwd. They get 'user [username] doesn't exist.' Well, I'm
>>talking about a logged in user...
>
>
>
> At distance this is a hard guess. I suggest that you look at the ldap
> log to get an idea what happened.
>
Rgds
Paul
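
An added example, not part of the original message and not code from Samba or the Idealx smbldap-tools: a check over an LDIF export of the directory that lists machine accounts (uid ending in `$`) lacking the sambaSamAccount object class, the condition described in the message above. The sample LDIF, its DNs and the function names are constructed for illustration.

```python
# Constructed sample LDIF with hypothetical DNs, shaped like an ldapsearch export.
SAMPLE_LDIF = """\
dn: uid=ws01$,ou=Computers,dc=example,dc=org
objectClass: posixAccount
objectClass: account
uid: ws01$

dn: uid=ws02$,ou=Computers,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: ws02$

dn: uid=pcoray,ou=Users,dc=example,dc=org
objectClass: posixAccount
uid: pcoray
"""

def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute name -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line continues the previous one
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):       # skip comments
            lines.append(raw)
    entry = {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
            continue
        name, _, value = line.partition(":")  # base64 "attr::" values are not decoded
        entry.setdefault(name.strip().lower(), []).append(value.strip())

def machines_missing_samba_attrs(text):
    """Return DNs of machine accounts (uid ending in '$') lacking sambaSamAccount."""
    missing = []
    for e in parse_ldif(text):
        is_machine = any(u.endswith("$") for u in e.get("uid", []))
        classes = {c.lower() for c in e.get("objectclass", [])}
        if is_machine and "sambasamaccount" not in classes:
            missing.append(e.get("dn", ["<no dn>"])[0])
    return missing

if __name__ == "__main__":
    for dn in machines_missing_samba_attrs(SAMPLE_LDIF):
        print("no sambaSamAccount:", dn)
```

Run after a migration, the output is the list of machine entries that would still need their Samba attributes before clients can log in through them.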