[Samba] Profiles change when migrating from NT4 to Samba PDC

Craig White craigwhite at azapple.com
Tue Oct 11 01:09:42 GMT 2005


On Mon, 2005-10-10 at 12:47 -0500, Philip Washington wrote:
> Philip Washington wrote:
> 
> > Craig White wrote:
> >
> >> On Fri, 2005-10-07 at 17:52 -0700, Craig White wrote:
> >>  
> >>
> >>> On Fri, 2005-10-07 at 19:22 -0500, Philip Washington wrote:
> >>>   
> >>>
> >>>> After migration of an NT4 domain to Samba we find that when users 
> >>>> log in they have a new profile.  Since we cannot deal with this on 
> >>>> all of the computers with all of the users we have had to stop the 
> >>>> migration.
> >>>> I have searched through the archive and not been able to find any 
> >>>> answers to this issue,  I did find a relevant article though and 
> >>>> apparently they didn't have an answer in 2002. 
> >>>> http://lists.samba.org/archive/samba/2002-August/050163.html
> >>>> Has anyone found a way to resolve this?
> >>>> We are not using roaming profiles.
> >>>>     
> >>>
> >>> ----
> >>> I am hoping that you really aren't looking for wild speculation as to
> >>> what may be the problem. Some things that you should consider sharing
> >>> with us so that we might be able to make a useful suggestion...
> >>>
> >>> samba version ?
> >>>
> >>> SID ? 'net getlocalsid' does this match the SID of the domain that the
> >>> machines that were already joined to the domain? Did you actually 'net
> >>> setlocalsid' to match?
> >>>
> >>> from your smb.conf
> >>> passdb ?
> >>> logon path = ?
> >>> security = ?
> >>> domain logons = ?
> >>> domain master = ?
> >>> preferred master = ?
> >>>
> >>> If we took an example of one or two users who had a problem with their
> >>> profiles...what's output of things like
> >>>
> >>> pdbedit -L USER_NAME ?
> >>>
> >>> does the profile path actually work? Is it reachable from a Windows
> >>> system?
> >>> privileges on profile server permit access?
> >>>
> >>> otherwise, I would just say that you're having a bad day.
> >>>
> >>>   
> >>
> >> ----
> >> I should have pointed out...
> >>
> >> logon path =
> >>
> >> (that's right - blank) prevents roaming profiles
> >>
> >> and perhaps, because I am not very smart and was trying to populate LDAP
> >> with which I was pretty unfamiliar, I had to run through the vampire
> >> process a lot of times before I got everything working the way I wanted
> >> it. My second time doing the vampire thing to LDAP was considerably
> >> easier. Even though the documentation was excellent, the devil is in the
> >> details.
> >>
> >> Craig
> >>
> >>
> >>  
> >>
> > We had spent 3 days on it and got it to work without the roaming 
> > profiles ( Using Ch 8 from Samba-3 by Example and help here).  It 
> > sounds like we went through some of the same issues with vampire, but 
> > it looked like we had it working with our test system.
> > We had a test machine MACHINE1 in  NT4 DOMAINA.
> > We transfered DOMAINA over to a SambaPDC-with LDAP.
> > Moved MACHINE1 over to the test environment with a SambaPDC-with 
> > LDAP.  Logged in TESTUSER1 everything looked fine, no roaming profile 
> > (we did a jig and jumped for joy ).
> > We then moved MACHINE2 over to the test environment logged in 
> > TESTUSER1 (we had transfered TESTUSER1 from the original NT4 domain).  
> > We then logged in USER2 which was the primary user for this computer 
> > when it was in the NT4 domain.  That was when we found out that 
> > Outlook treated the user as someone completely different, as well as 
> > other programs on the machine, the desktop was completely changed to 
> > default. After spending another day on it we had to move on, but we 
> > are now willing to try again from scratch.
> >
> > Did  we still have something wrong?  Has/does this work with the 
> > latest version?
> >
> > Goal 1: is USER1 on MACHINE1 can log into the system and not tell that 
> > something has changed (Namely there is a different PDC platform).
> > Goal 2: The IT department doesn't have to write a bunch of scripts to 
> > move profile information on each computer.
> >
> > Is this possible, because I was of the impression that once we 
> > finished the client MACHINE1 and user USER1 wouldn't know or act any 
> > differently when logging into NT4 as the PDC vs logging into the 
> > transfered DOMAINA on the Samba-LDAP PDC.
> >
----
in all fairness, I have let this go because you didn't answer any of the
questions that I asked. I'm not sure why anyone else didn't follow up
but perhaps they were thinking along the same lines that I was.

In light of no reply, you might consider starting over, and rephrasing
your questions.

In short, I had absolutely no problems with migrating users from NT PDC
to Samba PDC but I have always used LDAP as backend for the migration
and roaming profiles.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the samba mailing list