[Samba] HELP !!! migrating from win2000 pdc to linux pdc
phil.dawson at gedys.co.uk
Thu Mar 17 08:32:21 GMT 2005
In my original post I said
quote: "changed linuxpdc to be domain master"
I wrote to mean "changed linuxpdc to be ROLE_DOMAIN_PDC". Sorry if I
didn't make myself clear. I did test with testparm before trying to log
on. Everything looked ok. Again, it didn't work. What I have tried
since is to take the winxp box out of the domain and re-join it to the
domain when linuxpdc is the PDC. Now when I log on and run the set
command I see LOGONSERVER=//LINUXPDC which is what I was expecting
originally. Still having problems getting logon.bat to run when logging
on. Will have a look at this today. I'm also going through the logs and
settings/password files etc to see if I can spot any differences.
xp box can log onto the domain when LINUXPDC is the PDC for the domain. (
after re-joining )
all shares are available
linuxpdc is visible in the network
I think it's safe to say DNS entries are ok. winxp hack worked because we
have proved we can log onto the linuxpdc.
Another question is, if I take machines out of the domain then re-add them
as I have done above and as long as the domain has the same SID when I
re-join machines to the domain will they use the same local profile ( my
documents / desktop ) etc ...
Any other ideas ???
John H Terpstra <jht at samba.org>
Sent by: samba-bounces+pd=gedys.co.uk at lists.samba.org
Please respond to
jht at samba.org
samba at lists.samba.org
Re: [Samba] HELP !!! migrating from win2000 pdc to linux pdc
After migrating the domain data did you change the role of the Samba
In your smb.conf you need to set in [global]:
domain master = Yes
Then run 'testparm' to validate your settings.
- John T.
On Wednesday 16 March 2005 05:39, Phil Dawson wrote:
> Second post: first had logs attached but was too big.
> I have a test environment with 1 windows 2000 AD domain pdc ( mixed mode
> install ), 1 linux server ( to become pdc ) and a win xp box to test
> when the migration was completed. The problem is no matter what I try
> after the migration the win xp's logonserver = windows server not linux
> server. I have no idea what is going on here. I've listed the process
> for migration just in case I'm doing something wrong.
> NB: Initially I had a problem with the migration because machines were
> being created. The problem was due to useradd conforming to the posix
> standard and wouldn't allow accounts prefixed with $. Got an interim
> from RedHat which fixed this problem.
> I can log in using
> smbclient -L localhost -U% -- anonymous shares available
> smbclient -L //linuxpdc/public -U pdawson -- shares available plus home
> Is there anything obvious I've missed? I've been at this for weeks now
> and have no idea what to check next. ( logs are a blur now ).
> for the purpose of log entries ( supplied if requested )
> Domain: TESTPDC0
> Windows 2000: TESTPDC ( 192.168.44.80 )
> Linux Server LINUXPDC ( RHES4 ) ( 192.168.44.81 )
> WinXP ( 192.168.44.20 ) (
> machine name HP96281120913 )
> Added linuxpdc and testpdc to /etc/samba/lmhosts
> Added linuxpdc and testpdc to our DNS
> cleaned groups up with
> ------ delGrps.sh ------------
> net groupmap cleanup
> net groupmap delete ntgroup="Print Operators"
> net groupmap delete ntgroup="Domain Guests"
> net groupmap delete ntgroup="System Operators"
> net groupmap delete ntgroup="DnsAdmins"
> net groupmap delete ntgroup="Replicator"
> net groupmap delete ntgroup="Guests"
> net groupmap delete ntgroup="Power Users"
> net groupmap delete ntgroup="DnsUpdateProxy"
> net groupmap delete ntgroup="Administrators"
> net groupmap delete ntgroup="Account Operators"
> net groupmap delete ntgroup="Backup Operators"
> net groupmap delete ntgroup="Users"
> net groupmap delete ntgroup="Domain Users"
> net groupmap delete ntgroup="Domain Admins"
> net groupmap delete ntgroup="Domain Computers"
> net groupmap delete ntgroup="Cert Publishers"
> net groupmap delete ntgroup="RAS and IAS Servers"
> net groupmap delete ntgroup="Pre-Windows 2000 Compatible Access"
> net groupmap delete ntgroup="Group Policy Creator Owners"
> net groupmap delete ntgroup="Enterprise Admins"
> net groupmap delete ntgroup="Domain Controllers"
> net groupmap delete ntgroup="Schema Admins"
> net groupmap delete ntgroup="Server Operators"
> ------ delGrps.sh end ------------
> removed secrets.tdb and passwd.tdb
> set up smb.conf to be ROLE_DOMAIN_BDC
> < testparm showed no errors >
> net rpc join -S testpdc -W testpdc0 -UAdministrator%password
> < joined the domain ok. checked on the win2000 server and linuxpdc was
> listed as a domain controller >
> net rpc getsid -S testpdc -W testpdc0
> < sid was put into secrets >
> net getlocalsid testpdc0
> < showed correct sid >
> net getlocalsid
> < no sid available so used: >
> net setlocalsid S-1-5-21-705938202-4238141491-2786779978
> net getlocalsid
> < used initGrps.sh script to add groups >
> ------- initGrps.sh ----------
> net groupmap modify ntgroup="Domain Admins" unixgroup=root
> net groupmap modify ntgroup="Domain Users" unixgroup=users
> net groupmap modify ntgroup="Domain Guests" unixgroup=nobody
> ------- initGrps.sh end ----------
> net rpc vampire -S testpdc -U Administrator%password
> < no errors>
> < list the groups on win 2000 box >
> net group -l -S testpdc -U Administrator%password
> < list groups on linuxpdc >
> net groupmap list
> Server Operators (S-1-5-32-549) -> Server Operators
> Domain Guests (S-1-5-21-705938202-4238141491-2786779978-514) -> nobody
> Enterprise Admins (S-1-5-21-705938202-4238141491-2786779978-519) ->
> Enterprise Admins
> DnsAdmins (S-1-5-21-705938202-4238141491-2786779978-1101) -> DnsAdmins
> Domain Controllers (S-1-5-21-705938202-4238141491-2786779978-516) ->
> Domain Controllers
> Administrators (S-1-5-21-705938202-4238141491-2786779978-1007) -> sys
> Schema Admins (S-1-5-21-705938202-4238141491-2786779978-518) -> Schema
> Replicators (S-1-5-21-705938202-4238141491-2786779978-1019) -> kmem
> Replicator (S-1-5-32-552) -> Replicator
> Guests (S-1-5-32-546) -> nobody
> Group Policy Creator Owners
> -> Group Policy Creator Owners
> Domain Users (S-1-5-21-705938202-4238141491-2786779978-1201) -> users
> Power Users (S-1-5-32-547) -> ntadmin
> Domain Guests (S-1-5-21-705938202-4238141491-2786779978-1199) -> nobody
> DnsUpdateProxy (S-1-5-21-705938202-4238141491-2786779978-1102) ->
> Print Operators (S-1-5-32-550) -> lp
> Administrators (S-1-5-32-544) -> Administrators
> Pre-Windows 2000 Compatible Access (S-1-5-32-554) -> Pre-Windows 2000
> Compatible Access
> Account Operators (S-1-5-32-548) -> wheel
> Domain Admins (S-1-5-21-705938202-4238141491-2786779978-1001) -> root
> Account Operators (S-1-5-21-705938202-4238141491-2786779978-1021) ->
> Backup Operators (S-1-5-32-551) -> bin
> Users (S-1-5-32-545) -> public
> Backup Operators (S-1-5-21-705938202-4238141491-2786779978-1003) -> bin
> RAS and IAS Servers (S-1-5-21-705938202-4238141491-2786779978-553) ->
> and IAS Servers
> Print Operators (S-1-5-21-705938202-4238141491-2786779978-1015) -> lp
> Domain Users (S-1-5-21-705938202-4238141491-2786779978-513) -> users
> System Operators (S-1-5-21-705938202-4238141491-2786779978-1005) ->
> Domain Computers (S-1-5-21-705938202-4238141491-2786779978-515) ->
> Domain Admins (S-1-5-21-705938202-4238141491-2786779978-512) -> root
> Cert Publishers (S-1-5-21-705938202-4238141491-2786779978-517) -> Cert
> < everything seems ok >
> < checked users and groups. everything migrated ok. >
> < added all imported users to the users group. >
> < changed linuxpdc to be domain master >
> testparm verified this
> < switched off win2000 pdc >
> < started smb with: >
> service smb start
> < switched on win xp box >
> < used regedit to change signorseal >
> < re-booted xp machine >
> < seemed to log in ok >
> username: pdawson
> password: password
> < opened console with cmd >
> < run set >
> < LOGONSERVER=\\TESTPDC <--- not what I was expecting >
> < no drive mapping and logon.bat didn't run >
> <<<< had to remove logs ... too big for list. could be supplied on
John H Terpstra
Phone: +1 (650) 580-8668
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
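
The `net groupmap list` output quoted in this thread lists several NT group names under two different SIDs and maps some groups to UNIX groups such as root and wheel. The following is an added example, not part of the original messages: it parses that output format and reports such entries for review before a Samba server is promoted to PDC. The PRIVILEGED set and the function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Lines copied from the `net groupmap list` output quoted in the post
# (only entries that survive unwrapped on a single line).
SAMPLE = """\
Domain Guests (S-1-5-21-705938202-4238141491-2786779978-514) -> nobody
Domain Users (S-1-5-21-705938202-4238141491-2786779978-1201) -> users
Domain Guests (S-1-5-21-705938202-4238141491-2786779978-1199) -> nobody
Account Operators (S-1-5-32-548) -> wheel
Domain Admins (S-1-5-21-705938202-4238141491-2786779978-1001) -> root
Users (S-1-5-32-545) -> public
Domain Users (S-1-5-21-705938202-4238141491-2786779978-513) -> users
Domain Admins (S-1-5-21-705938202-4238141491-2786779978-512) -> root
"""

ENTRY = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-1(?:-\d+)+)\) -> (?P<unix>.+)$")
# Well-known RIDs of the global domain groups.
WELL_KNOWN = {"Domain Admins": 512, "Domain Users": 513, "Domain Guests": 514}
# Assumption: UNIX groups treated as privileged on this host; adjust locally.
PRIVILEGED = {"root", "wheel", "sys", "kmem", "bin"}

def parse(text):
    """Return (ntgroup, sid, unixgroup) tuples, skipping unparsable lines."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip().lstrip("> ").strip())
        if m:
            out.append((m["nt"], m["sid"], m["unix"].strip()))
    return out

def audit(text):
    """Return a sorted list of (kind, ntgroup, detail) findings."""
    findings, by_name = set(), defaultdict(set)
    for nt, sid, unix in parse(text):
        by_name[nt].add(sid)
        rid = int(sid.rsplit("-", 1)[1])
        if nt in WELL_KNOWN and rid != WELL_KNOWN[nt]:
            findings.add(("unexpected-rid", nt, sid))
        if unix in PRIVILEGED:
            findings.add(("privileged-unix-group", nt, f"{sid} -> {unix}"))
    for nt, sids in by_name.items():
        if len(sids) > 1:
            findings.add(("duplicate-name", nt, ", ".join(sorted(sids))))
    return sorted(findings)

if __name__ == "__main__":
    for kind, nt, detail in audit(SAMPLE):
        print(f"{kind:22} {nt:16} {detail}")
```

To check a live server, pass the text printed by `net groupmap list` to `audit()` instead of SAMPLE.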