[Samba] Profiles change when migrating from NT4 to Samba PDC

Mon Oct 10 17:47:24 GMT 2005

Philip Washington wrote:

> Craig White wrote:
>
>> On Fri, 2005-10-07 at 17:52 -0700, Craig White wrote:
>>  
>>
>>> On Fri, 2005-10-07 at 19:22 -0500, Philip Washington wrote:
>>>   
>>>
>>>> After migration of an NT4 domain to Samba we find that when users 
>>>> log in they have a new profile.  Since we cannot deal with this on 
>>>> all of the computers with all of the users we have had to stop the 
>>>> migration.
>>>> I have searched through the archive and not been able to find any 
>>>> answers to this issue,  I did find a relevant article though and 
>>>> apparently they didn't have an answer in 2002. 
>>>> http://lists.samba.org/archive/samba/2002-August/050163.html
>>>> Has anyone found a way to resolve this?
>>>> We are not using roaming profiles.
>>>>     
>>>
>>> ----
>>> I am hoping that you really aren't looking for wild speculation as to
>>> what may be the problem. Some things that you should consider sharing
>>> with us so that we might be able to make a useful suggestion...
>>>
>>> samba version ?
>>>
>>> SID ? 'net getlocalsid' does this match the SID of the domain that the
>>> machines that were already joined to the domain? Did you actually 'net
>>> setlocalsid' to match?
>>>
>>> from your smb.conf
>>> passdb ?
>>> logon path = ?
>>> security = ?
>>> domain logons = ?
>>> domain master = ?
>>> preferred master = ?
>>>
>>> If we took an example of one or two users who had a problem with their
>>> profiles...what's output of things like
>>>
>>> pdbedit -L USER_NAME ?
>>>
>>> does the profile path actually work? Is it reachable from a Windows
>>> system?
>>> privileges on profile server permit access?
>>>
>>> otherwise, I would just say that you're having a bad day.
>>>
>>>   
>>
>> ----
>> I should have pointed out...
>>
>> logon path =
>>
>> (that's right - blank) prevents roaming profiles
>>
>> and perhaps, because I am not very smart and was trying to populate LDAP
>> with which I was pretty unfamiliar, I had to run through the vampire
>> process a lot of times before I got everything working the way I wanted
>> it. My second time doing the vampire thing to LDAP was considerably
>> easier. Even though the documentation was excellent, the devil is in the
>> details.
>>
>> Craig
>>
>>
>>  
>>
> We had spent 3 days on it and got it to work without the roaming 
> profiles ( Using Ch 8 from Samba-3 by Example and help here).  It 
> sounds like we went through some of the same issues with vampire, but 
> it looked like we had it working with our test system.
> We had a test machine MACHINE1 in  NT4 DOMAINA.
> We transfered DOMAINA over to a SambaPDC-with LDAP.
> Moved MACHINE1 over to the test environment with a SambaPDC-with 
> LDAP.  Logged in TESTUSER1 everything looked fine, no roaming profile 
> (we did a jig and jumped for joy ).
> We then moved MACHINE2 over to the test environment logged in 
> TESTUSER1 (we had transfered TESTUSER1 from the original NT4 domain).  
> We then logged in USER2 which was the primary user for this computer 
> when it was in the NT4 domain.  That was when we found out that 
> Outlook treated the user as someone completely different, as well as 
> other programs on the machine, the desktop was completely changed to 
> default. After spending another day on it we had to move on, but we 
> are now willing to try again from scratch.
>
> Did  we still have something wrong?  Has/does this work with the 
> latest version?
>
> Goal 1: is USER1 on MACHINE1 can log into the system and not tell that 
> something has changed (Namely there is a different PDC platform).
> Goal 2: The IT department doesn't have to write a bunch of scripts to 
> move profile information on each computer.
>
> Is this possible, because I was of the impression that once we 
> finished the client MACHINE1 and user USER1 wouldn't know or act any 
> differently when logging into NT4 as the PDC vs logging into the 
> transfered DOMAINA on the Samba-LDAP PDC.
>