[Samba] Profiles change when migrating from NT4 to Samba PDC
phwashington at comcast.net
Mon Oct 10 17:47:24 GMT 2005
Philip Washington wrote:
> Craig White wrote:
>> On Fri, 2005-10-07 at 17:52 -0700, Craig White wrote:
>>> On Fri, 2005-10-07 at 19:22 -0500, Philip Washington wrote:
>>>> After migration of an NT4 domain to Samba we find that when users
>>>> log in they have a new profile. Since we cannot deal with this on
>>>> all of the computers with all of the users we have had to stop the
>>>> I have searched through the archive and not been able to find any
>>>> answers to this issue, I did find a relevant article though and
>>>> apparently they didn't have an answer in 2002.
>>>> Has anyone found a way to resolve this?
>>>> We are not using roaming profiles.
>>> I am hoping that you really aren't looking for wild speculation as to
>>> what may be the problem. Some things that you should consider sharing
>>> with us so that we might be able to make a useful suggestion...
>>> samba version ?
>>> SID ? 'net getlocalsid' does this match the SID of the domain that the
>>> machines that were already joined to the domain? Did you actually 'net
>>> setlocalsid' to match?
>>> from your smb.conf
>>> passdb ?
>>> logon path = ?
>>> security = ?
>>> domain logons = ?
>>> domain master = ?
>>> preferred master = ?
>>> If we took an example of one or two users who had a problem with their
>>> profiles...what's output of things like
>>> pdbedit -L USER_NAME ?
>>> does the profile path actually work? Is it reachable from a Windows
>>> privileges on profile server permit access?
>>> otherwise, I would just say that you're having a bad day.
>> I should have pointed out...
>> logon path =
>> (that's right - blank) prevents roaming profiles
>> and perhaps, because I am not very smart and was trying to populate LDAP
>> with which I was pretty unfamiliar, I had to run through the vampire
>> process a lot of times before I got everything working the way I wanted
>> it. My second time doing the vampire thing to LDAP was considerably
>> easier. Even though the documentation was excellent, the devil is in the
> We had spent 3 days on it and got it to work without the roaming
> profiles ( Using Ch 8 from Samba-3 by Example and help here). It
> sounds like we went through some of the same issues with vampire, but
> it looked like we had it working with our test system.
> We had a test machine MACHINE1 in NT4 DOMAINA.
> We transfered DOMAINA over to a SambaPDC-with LDAP.
> Moved MACHINE1 over to the test environment with a SambaPDC-with
> LDAP. Logged in TESTUSER1 everything looked fine, no roaming profile
> (we did a jig and jumped for joy ).
> We then moved MACHINE2 over to the test environment logged in
> TESTUSER1 (we had transfered TESTUSER1 from the original NT4 domain).
> We then logged in USER2 which was the primary user for this computer
> when it was in the NT4 domain. That was when we found out that
> Outlook treated the user as someone completely different, as well as
> other programs on the machine, the desktop was completely changed to
> default. After spending another day on it we had to move on, but we
> are now willing to try again from scratch.
> Did we still have something wrong? Has/does this work with the
> latest version?
> Goal 1: is USER1 on MACHINE1 can log into the system and not tell that
> something has changed (Namely there is a different PDC platform).
> Goal 2: The IT department doesn't have to write a bunch of scripts to
> move profile information on each computer.
> Is this possible, because I was of the impression that once we
> finished the client MACHINE1 and user USER1 wouldn't know or act any
> differently when logging into NT4 as the PDC vs logging into the
> transfered DOMAINA on the Samba-LDAP PDC.
More information about the samba