[Samba] Re: migrate profile from an old server to a new one - SID and ntuser.dat problem

christoph empl m_itch_de at yahoo.de
Thu Dec 8 17:16:34 GMT 2005


Hi,

Yes, I checked the permissions of the configuration
and profile files and directories and I think that
they are set correctly.
I have no idea why it doesn't work...
A user with identical uid, gid and sid on a machine
with the same sid as the old one can't get write
access to the ntuser.dat, which has identical
permissions as before... ???

I hope that somebody has an idea what the problem is.

Thank you, Christoph


--- Pierre Lebrun <ple001 at artic.fr> wrote:

> christoph empl wrote:
> > Hello,
> >
> > I think that my problem is getting smaller, but still
> > not small enough.
> > In between, I reinstalled samba. Now I have the
> > correct sid for the server and domain, and my users
> > have correct sids (see below), the server-, netbios
> > and domainname are the same as on the old server, I
> > preserved the uids and gids of the old server,
> > actually I copied the passwd, shadow, smbpasswd on the
> > new server.
> > But the problem is still: when I log onto a
> > workstation as a user, his old settings from the old
> > server are lost. He gets the desktop and whole
> > settings of the default user. There is no clue in the
> > logs why the user has (obviously) no access to his
> > ntuser.dat.
> >
> >
> > ==================
> >
> > wap-samba:/ # net getlocalsid SAMBA
> > SID for domain SAMBA is: S-1-5-21-918075609-1705896514-2904333612
> >
> > ==================
> >
> > wap-samba:/ # pdbedit -Lv empl
> > Unix username:        empl
> > NT username:
> > Account Flags:        [UX         ]
> > User SID:             S-1-5-21-918075609-1705896514-2904333612-22120
> > Primary Group SID:    S-1-5-21-918075609-1705896514-2904333612-1203
> > Full Name:            Empl Christoph
> > Home Directory:       \\samba\empl
> > HomeDir Drive:
> > Logon Script:
> > Profile Path:         \\samba\empl\profile
> > Domain:               SAMBA
> > Account desc:
> > Workstations:
> > Munged dial:
> > Logon time:           0
> > Logoff time:          9223372036854775807 seconds since the Epoch
> > Kickoff time:         9223372036854775807 seconds since the Epoch
> > Password last set:    Tue, 06 Dec 2005 16:49:42 GMT
> > Password can change:  Tue, 06 Dec 2005 16:49:42 GMT
> > Password must change: 9223372036854775807 seconds since the Epoch
> > Last bad password   : 0
> > Bad password count  : 0
> > Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> >
> > =========================
> >
> > [2005/12/07 12:19:15, 2] auth/auth.c:check_ntlm_password(305)
> >   check_ntlm_password:  authentication for user [empl] -> [empl] -> [empl] succeeded
> > [2005/12/07 12:19:15, 2] auth/auth.c:check_ntlm_password(305)
> >   check_ntlm_password:  authentication for user [empl] -> [empl] -> [empl] succeeded
> > [2005/12/07 12:19:15, 1] smbd/service.c:make_connection_snum(647)
> >   celsius01 (129.187.97.131) connect to service empl initially as user empl (uid=10560, gid=101) (pid 4701)
> > [2005/12/07 12:19:15, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
> >   Returning domain sid for domain SAMBA -> S-1-5-21-918075609-1705896514-2904333612
> > [2005/12/07 12:19:15, 2] smbd/open.c:open_file(245)
> >   empl opened file profile/NTUSER.DAT read=Yes write=No (numopen=1)
> > [2005/12/07 12:19:15, 2] smbd/open.c:open_file(245)
> >   empl opened file profile/ntuser.ini read=Yes write=No (numopen=2)
> > [2005/12/07 12:19:16, 2] smbd/close.c:close_normal_file(270)
> >   empl closed file profile/ntuser.ini (numopen=1)
> > [2005/12/07 12:19:16, 2] smbd/open.c:open_file(245)
> >   empl opened file profile/ntuser.ini read=Yes write=No (numopen=2)
> > [2005/12/07 12:19:16, 2] smbd/open.c:open_file(245)
> >   empl opened file profile/ntuser.pol read=Yes write=No (numopen=3)
> > [2005/12/07 12:19:16, 2] smbd/close.c:close_normal_file(270)
> >   empl closed file profile/NTUSER.DAT (numopen=2)
> > [2005/12/07 12:19:16, 2] smbd/open.c:open_file(245)
> >   empl opened file profile/NTUSER.DAT read=Yes write=No (numopen=3)
> > [2005/12/07 12:19:17, 2] smbd/open.c:open_file(245)
> >   empl opened file profile/NTUSER.DAT.LOG read=Yes write=No (numopen=4)
> > [2005/12/07 12:19:23, 2] smbd/open.c:open_file(245)
> >   empl opened file profile/.fonts.cache-1 read=Yes write=No (numopen=5)
> > [2005/12/07 12:19:23, 2] smbd/open.c:open_file(245)
> >
> >
> > 
> > Thanks for your answers, Christoph
> >
> >
> >
> > Hi,
> >
> > thank you for your quick answer...
> >
> > Sorry, I forgot to tell you that I replaced the sid of
> > the new server with the sid of the old server.
> > But then I have the problem that the user sid (and
> > gid) are structured like this:
> > old-sid-from-the-new-server-uid and not
> > sid-from-the-old-server-uid (the head of the user's sid
> > consists of the sid from the new server, the one that
> > I replaced with the sid of the old server). So the
> > users don't have access rights to their profiles,
> > because they don't have their original sids.
> >
> > thank you, Christoph
> >
> > Christoph,
> >
> > Your problem is that while having a new server, by default
> > you have a new server SID. The problem is that you want to
> > manage users who own SIDs from your 2.2 server. As we can't
> > imagine losing all user profiles, you have to set the 2.2
> > samba server SID on your 3.0 samba server.
> >
> > This is a common migration problem.
> >
> > What you must do is:
> >
> > 1) On Samba 2.2: pick your 2.2 server SID
> >
> > smbpasswd -X {your_domain}
> > This will give you a string like this one:
> > SID for domain mydomain is: S-1-5-21-1547254743-587533270-2928086249
> >
> >
> > 2) On Samba 3.0: setting 3.0 SID with SID picked on 2.2
> > Save the current 3.0 SID for eventual recovery needs
> > net getlocalsid > file_to_save_3.0_SID
> >
> > Set 2.2 SID on 3.0 PDC like this:
> > net setlocalsid S-1-5-21-1547254743-587533270-2928086249
> >
> > Restart samba and I think things should go better.
> >
> > Regards,
> >
> > Pierre
> >
> > christoph empl wrote:
> >> Hi,
> >>
> >> I did the change according to your guideline, but I
> >> don't know how I can preserve the sids and gids of
>
=== message truncated ===
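
The following is an added example, not part of the thread and not code from its authors or from the Samba project. It checks, on saved output of `net getlocalsid` and `pdbedit -Lv`, that the account SIDs are the domain SID plus a RID, and lists the profile files that the smbd log shows opened with `write=No`. The function names are hypothetical, the sample text is constructed from the output quoted above, and `grep -o`/`-A` (GNU or BSD grep) is assumed.

```shell
#!/bin/sh
# Added example: offline checks over saved Samba output (not the thread authors' code).
# Sample input below is constructed from the command output and log lines quoted in the thread.
LOCALSID_OUT='SID for domain SAMBA is: S-1-5-21-918075609-1705896514-2904333612'
PDBEDIT_OUT='Unix username:        empl
User SID:             S-1-5-21-918075609-1705896514-2904333612-22120
Primary Group SID:    S-1-5-21-918075609-1705896514-2904333612-1203'
SMBD_LOG='[2005/12/07 12:19:15, 2] smbd/open.c:open_file(245)
  empl opened file profile/NTUSER.DAT read=Yes write=No (numopen=1)
[2005/12/07 12:19:15, 2] smbd/open.c:open_file(245)
  empl opened file profile/ntuser.ini read=Yes write=No (numopen=2)
[2005/12/07 12:19:16, 2] smbd/open.c:open_file(245)
  empl opened file profile/NTUSER.DAT read=Yes write=No (numopen=3)'

# First SID-shaped token found on stdin.
first_sid() { grep -Eo 'S-1-[0-9]+(-[0-9]+)+' | head -n 1; }

# domain_sid <output of "net getlocalsid">
domain_sid() { printf '%s\n' "$1" | first_sid; }

# field_sid <output of "pdbedit -Lv user"> <label>; -A1 also covers a SID wrapped onto the next line.
field_sid() { printf '%s\n' "$1" | grep -A1 "^$2:" | first_sid; }

# sid_in_domain <domain sid> <account sid>: true when account sid = domain sid + "-" + RID.
sid_in_domain() { [ -n "$2" ] && [ "${2%-*}" = "$1" ]; }

# readonly_opens <smbd log text>: files opened with write=No, deduplicated.
# write=No is the access mode smbd logged for that open; the line alone does not say why.
readonly_opens() {
    printf '%s\n' "$1" |
        sed -n 's/.* opened file \([^ ]*\) read=[A-Za-z]* write=No .*/\1/p' | sort -u
}

# report: one verdict per SID field, then the files opened without write access.
report() {
    dom=$(domain_sid "$LOCALSID_OUT")
    for label in "User SID" "Primary Group SID"; do
        sid=$(field_sid "$PDBEDIT_OUT" "$label")
        if sid_in_domain "$dom" "$sid"; then
            echo "OK       $label: RID ${sid##*-} under $dom"
        else
            echo "MISMATCH $label: $sid is not under $dom"
        fi
    done
    echo "Opened without write access:"; readonly_opens "$SMBD_LOG" | sed 's/^/  /'
}
report
```

On the values quoted in the thread both SID fields come out as OK, which matches the poster's statement that the SIDs are now correct while NTUSER.DAT is still opened without write access.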



	

	
		