[Samba] HELP !!! migrating from win2000 pdc to linux pdc

Phil Dawson phil.dawson at gedys.co.uk
Wed Mar 16 09:46:27 GMT 2005


Hello,

I have a test environment with 1 windows 2000 AD domain pdc ( mixed mode 
install ), 1 linux server ( to become pdc ) and a win xp box to test logon 
when the migration was completed.  The problem is no matter what I try 
after the migration the win xp's logonserver = windows server not linux 
server.  I have no idea what is going on here.  I've listed the process 
for migration just in case I'm doing something wrong.

NB: Initially I had a problem with the migration because machines were not 
being created.  The problem was due to useradd conforming to the posix 
standard and wouldn't allow accounts prefixed with $.  Got an interim fix 
from RedHat which fixed this problem.

Is there anything obvious I've missed?  I've been at this for weeks now 
and have no idea what to check next. ( logs are a blur now ).


Domain: TESTPDC0
Windows 2000:   TESTPDC                 ( 192.168.44.80 )
Linux Server    LINUXPDC   ( RHES4 )            ( 192.168.44.81 )
WinXP                                           ( 192.168.44.20 ) ( machine name HP96281120913 )


Added linuxpdc and testpdc to /etc/samba/lmhosts
Added linuxpdc and testpdc to our DNS


cleaned groups up with 

------ delGrps.sh ------------

net groupmap cleanup
net groupmap delete ntgroup="Print Operators"
net groupmap delete ntgroup="Domain Guests"
net groupmap delete ntgroup="System Operators"
net groupmap delete ntgroup="DnsAdmins"
net groupmap delete ntgroup="Replicator"
net groupmap delete ntgroup="Guests"
net groupmap delete ntgroup="Power Users"
net groupmap delete ntgroup="DnsUpdateProxy"
net groupmap delete ntgroup="Administrators"
net groupmap delete ntgroup="Account Operators"
net groupmap delete ntgroup="Backup Operators"
net groupmap delete ntgroup="Users"
net groupmap delete ntgroup="Domain Users"
net groupmap delete ntgroup="Domain Admins"
net groupmap delete ntgroup="Domain Computers"
net groupmap delete ntgroup="Cert Publishers"
net groupmap delete ntgroup="RAS and IAS Servers"
net groupmap delete ntgroup="Pre-Windows 2000 Compatible Access"
net groupmap delete ntgroup="Group Policy Creator Owners"
net groupmap delete ntgroup="Enterprise Admins"
net groupmap delete ntgroup="Domain Controllers"
net groupmap delete ntgroup="Schema Admins"
net groupmap delete ntgroup="Server Operators"

------ delGrps.sh end ------------


removed secrets.tdb and passwd.tdb

set up smb.conf to be ROLE_DOMAIN_BDC

< testparm showed no errors >

net rpc join -S testpdc -W testpdc0 -UAdministrator%password

< joined the domain ok.  checked on the win2000 server and linuxpdc was 
listed as a domain controller >

net rpc getsid -S testpdc -W testpdc0

< sid was put into secrets >

net getlocalsid testpdc0

< showed correct sid >

net getlocalsid

< no sid available so used: >

net setlocalsid < sid from above >

net getlocalsid

< correct sid showing >

< used initGrps.sh script to add groups >

------- initGrps.sh ----------

net groupmap modify ntgroup="Domain Admins" unixgroup=root
net groupmap modify ntgroup="Domain Users" unixgroup=users
net groupmap modify ntgroup="Domain Guests" unixgroup=nobody

------- initGrps.sh end ----------


net rpc vampire -S testpdc -U Administrator%password

< no errors>

< list the groups on win 2000 box >

net group -l -S testpdc -U Administrator%password

< list groups on linuxpdc >

net groupmap list

< everything seems ok >

< checked users and groups.  everything migrated ok. >

< added all imported users to the users group. >

< changed linuxpdc to be domain master >

testparm verified this

< switched off win2000 pdc >

< started smb with: >

service smb start

< switched on win xp box >

< used regedit to change signorseal >

 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters
"RequireSignOrSeal"=dword:00000000

< re-booted xp machine >

< seemed to log in ok >

username: pdawson
password: password

< opened console with cmd >

< run set >

< LOGONSERVER=\\TESTPDC     <--- not what I was expecting >

< no drive mapping and logon.bat didn't run >

Regards,

Phil 
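
Added example, not part of the original post: a check, run against smb.conf alone, of the two Linux-side conditions the procedure above depends on, namely the configured server role (BDC while joining, PDC once `domain master` is changed) and whether a `[netlogon]` share and `logon script` are defined for logon.bat. It models only the `security = user` case; the function name `smb_pdc_check`, the sample config and its netlogon path are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Models only the "security = user"
# case: domain logons = yes + domain master = yes/auto -> PDC, = no -> BDC.

# smb_pdc_check FILE: print role=, netlogon= and logonscript= lines for FILE.
smb_pdc_check() {
    awk '
    # smb.conf names ignore case and whitespace: "Domain Logons" == "domainlogons"
    function norm(s) { gsub(/[ \t\r]/, "", s); return tolower(s) }
    /^[ \t]*[#;]/ { next }                      # comment lines
    /^[ \t]*\[/   { sect = norm($0); seen[sect] = 1; next }
    sect == "[global]" && (eq = index($0, "=")) > 0 {
        opt[norm(substr($0, 1, eq - 1))] = norm(substr($0, eq + 1))
    }
    END {
        mode   = ("security" in opt) ? opt["security"] : "user"   # default is user
        logons = (opt["domainlogons"] ~ /^(yes|true|1)$/)
        # an unset or "auto" domain master follows domain logons
        master = !("domainmaster" in opt) || (opt["domainmaster"] ~ /^(yes|true|1|auto)$/)
        role = "OTHER"
        if (mode == "user" && logons) role = master ? "PDC" : "BDC"
        print "role=" role
        print "netlogon=" (("[netlogon]" in seen) ? "yes" : "no")
        print "logonscript=" opt["logonscript"]
    }' "$1"
}

# Constructed sample: the config state after "changed linuxpdc to be domain master".
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
   workgroup = TESTPDC0
   security = user
   domain logons = yes
   Domain Master = Yes
   logon script = logon.bat
[netlogon]
   path = /var/lib/samba/netlogon
EOF
smb_pdc_check "$sample"
rm -f "$sample"
```

A result of `role=BDC`, `netlogon=no` or an empty `logonscript=` after the switch-over points at the Samba configuration rather than at the client.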

