[Samba] Migrated PDC to new server

Edmundo Valle Neto edmundo.valle at terra.com.br
Wed Jun 28 20:44:04 GMT 2006


Matt Ingram escreveu:
> anyone ?
>
> Matt Ingram wrote:
>> I just migrated my SMB PDC to a new server (was running 3.0.21c, now 
>> 3.0.22).  Some things seem to be OK: net rpc list and net rpc testjoin 
>> seem to work. But if I attempt to join a Windows system to the domain 
>> I get "The following error occurred while attempting to join to domain 
>> "DOMAINNAME": The user name could not be found".   The machine name 
>> is getting loaded into LDAP.
>>
>> LDAP seems to be fine: getent passwd/group returns all the LDAP 
>> users, and net groupmap list returns all the groups. I can shell in with 
>> LDAP accounts.
>>
>> I copied the old server's /etc/samba to the new server and I set the 
>> new server's SID to be that of the old server.
>>
>> Also, I have a logon script on my BDC and my PDC.  The BDC script 
>> runs on the client boot up, but the PDC one isn't running.
>>
>> Any ideas?
>>

Which user are you using?
If root, OK; if you are using another user, are you sure that it has 
privileges to do that?
Privileges are stored in account_policy.tdb (which you haven't copied).

Did you add the LDAP admin password to Samba again (smbpasswd -w 
ldappassword)?
The secrets.tdb file holds that (which you haven't copied).

About the logon script, did you copy the contents of the netlogon 
share and set the permissions properly (so that everyone is able to read it)?

>> SMB.CONF
>> [global]
>>        workgroup = DOMAINNAME
>>        netbios name = HOME
>>        server string = HOME
>>        passdb backend = ldapsam:ldap://ldap.domain
>>        username map = /etc/samba/smbusers
>>        printcap name = cups
>>        enable privileges = Yes
>>        log level = 2
>>        add user script = /usr/local/sbin/smbldap-useradd -m '%u'
>>        delete user script = /usr/local/sbin/smbldap-userdel %u
>>        add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
>>        delete group script = /usr/local/sbin/smbldap-groupdel '%g'
>>        add user to group script = /usr/local/sbin/smbldap-groupmod -m 
>> '%u' '%g'
>>        delete user from group script = 
>> /usr/local/sbin/smbldap-groupmod -x '%u' '%g'
>>        set primary group script = /usr/local/sbin/smbldap-usermod -g 
>> '%g' '%u'
>>        add machine script = /usr/local/sbin/smbldap-useradd -w '%u'
>>        logon script = scripts\logon.bat
>> #       logon path = \\%L\Profiles\%U
>>        logon path =
>>        logon drive = H:
>>        logon home = \\%L\%U
>>        domain logons = Yes
>>        os level = 65
>>        preferred master = Yes
>>        domain master = Yes
>>        wins server = 172.30.30.25
>>        ldap suffix = ou=Accounts,dc=company,dc=com
>>        ldap machine suffix = ou=Computers
>>        ldap user suffix = ou=People
>>        ldap group suffix = ou=Posix,ou=Groups
>>        ldap idmap suffix = ou=idmap
>>        ldap admin dn = cn=Manager,dc=company,dc=com
>>        ldap ssl = no
>>        ldap passwd sync = No
>> #       idmap uid = 15000-20000
>> #       idmap gid = 15000-20000
>>        printing = cups
>>        map acl inherit = Yes
>>
>>
>> here's my log.smbd when I tried to add the computer:
>>
>> [2006/06/23 11:28:27, 2] smbd/sesssetup.c:setup_new_vc_session(772)
>>  setup_new_vc_session: New VC == 0, if NT4.x compatible we would 
>> close all old resources.
>> [2006/06/23 11:28:27, 2] smbd/sesssetup.c:setup_new_vc_session(772)
>>  setup_new_vc_session: New VC == 0, if NT4.x compatible we would 
>> close all old resources.
>> [2006/06/23 11:28:27, 2] lib/smbldap.c:smbldap_open_connection(722)
>>  smbldap_open_connection: connection opened
>> [2006/06/23 11:28:27, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
>>  init_sam_from_ldap: Entry found for user: root
>> [2006/06/23 11:28:27, 2] passdb/pdb_ldap.c:init_group_from_ldap(2215)
>>  init_group_from_ldap: Entry found for group: 512
>> [2006/06/23 11:28:27, 2] auth/auth.c:check_ntlm_password(307)
>>  check_ntlm_password:  authentication for user [Administrator] -> 
>> [root] -> [root] succeeded
>> [2006/06/23 11:28:28, 2] smbd/server.c:exit_server(614)
>>  Closing connections
>> [2006/06/23 11:28:28, 2] smbd/sesssetup.c:setup_new_vc_session(772)
>>  setup_new_vc_session: New VC == 0, if NT4.x compatible we would 
>> close all old resources.
>> [2006/06/23 11:28:28, 2] smbd/sesssetup.c:setup_new_vc_session(772)
>>  setup_new_vc_session: New VC == 0, if NT4.x compatible we would 
>> close all old resources.
>> [2006/06/23 11:28:28, 2] lib/smbldap.c:smbldap_open_connection(722)
>>  smbldap_open_connection: connection opened
>> [2006/06/23 11:28:28, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
>>  init_sam_from_ldap: Entry found for user: root
>> [2006/06/23 11:28:28, 2] passdb/pdb_ldap.c:init_group_from_ldap(2215)
>>  init_group_from_ldap: Entry found for group: 512
>> [2006/06/23 11:28:28, 2] auth/auth.c:check_ntlm_password(307)
>>  check_ntlm_password:  authentication for user [Administrator] -> 
>> [root] -> [root] succeeded
>> [2006/06/23 11:28:29, 2] 
>> rpc_server/srv_samr_nt.c:_samr_lookup_domain(2670)
>>  Returning domain sid for domain DOMAINNAME -> 
>> S-1-5-21-3186883984-1813041273-1898769360
>> [2006/06/23 11:28:30, 2] smbd/server.c:exit_server(614)
>>  Closing connections
>>
>> thanks in advance.
>>
>>
Putting "log file = /var/log/samba/log.%m" in smb.conf will log per machine.
You should see something like this with log level = 3:

[2006/06/26 14:47:28, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
 _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w 
"testmachine$"' gave 0
...
[2006/06/26 14:47:28, 3] passdb/pdb_ldap.c:ldapsam_add_sam_account(1832)
 ldapsam_add_sam_account: User exists without samba attributes: adding them
[2006/06/26 14:47:28, 2] passdb/pdb_ldap.c:init_ldap_from_sam(912)
 init_ldap_from_sam: Setting entry for user: testmachine$
[2006/06/26 14:47:28, 2] passdb/pdb_ldap.c:ldapsam_add_sam_account(1942)
 ldapsam_add_sam_account: added: uid == testmachine$ in the LDAP database
...

It will show the script being executed (it will add the POSIX account 
only), the errorlevel it gave (0 = no errors), and Samba adding the rest 
of the attributes.


Regards.

Edmundo Valle Neto
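To act on the advice above about reading the level-3 smbd log, here is an added Python example (not code from the thread or from Samba) that parses constructed sample log lines in the format quoted above, reports which account the joining client authenticated as and what the username map resolved it to, and follows each add machine script run through to the LDAP write that should come after it. The sample lines and the machine names testmachine$ and badbox$ are constructed for the example.

```python
import re
import shlex

# Constructed smbd log excerpt (log level 3) modelled on the lines quoted in
# this thread; sample input, not output captured from the poster's server.
SAMPLE_LOG = """\
[2006/06/26 14:47:27, 2] auth/auth.c:check_ntlm_password(307)
 check_ntlm_password:  authentication for user [Administrator] -> [root] -> [root] succeeded
[2006/06/26 14:47:28, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
 _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "testmachine$"' gave 0
[2006/06/26 14:47:28, 3] passdb/pdb_ldap.c:ldapsam_add_sam_account(1832)
 ldapsam_add_sam_account: User exists without samba attributes: adding them
[2006/06/26 14:47:28, 2] passdb/pdb_ldap.c:ldapsam_add_sam_account(1942)
 ldapsam_add_sam_account: added: uid == testmachine$ in the LDAP database
[2006/06/26 14:47:29, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
 _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "badbox$"' gave 1
"""

# Header line: "[date time, level] source.c:function(line)"; the message text
# follows on the next line(s), which smbd indents with a single space.
HEADER = re.compile(r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}), (\d+)\] ([^:\s]+):(\w+)\(\d+\)$")
SCRIPT = re.compile(r"Running the command `(.+)' gave (-?\d+)")
ADDED = re.compile(r"added: uid == (\S+) in the LDAP database")
AUTH = re.compile(r"authentication for user \[([^\]]+)\] -> \[[^\]]+\] -> \[([^\]]+)\] (succeeded|failed)")


def parse_smbd_log(text):
    """Join each header line with its message line(s) into one record."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts, level, src, func = m.groups()
            records.append({"ts": ts, "level": int(level), "src": src, "func": func, "msg": ""})
        elif records:  # continuation of the previous message (also handles mail wrapping)
            records[-1]["msg"] = (records[-1]["msg"] + " " + line.strip()).strip()
    return records


def join_attempts(text):
    """(requested user, unix user it was mapped to, result) for each session setup."""
    return [(a.group(1), a.group(2), a.group(3))
            for r in parse_smbd_log(text) for a in [AUTH.search(r["msg"])] if a]


def audit_machine_joins(text):
    """Track each 'add machine script' run through to the LDAP write that should follow it."""
    status = {}
    for r in parse_smbd_log(text):
        s = SCRIPT.search(r["msg"])
        if r["func"] == "_samr_create_user" and s:
            account, rc = shlex.split(s.group(1))[-1], int(s.group(2))  # last arg is '%u'
            status[account] = ("posix account created, samba attributes pending" if rc == 0
                               else f"add machine script failed (exit {rc})")
        elif (a := ADDED.search(r["msg"])) and a.group(1) in status:
            status[a.group(1)] = "machine account complete"
    return status
```

Run it over a real log.%m file for the joining client: a script exit code other than 0, or a "pending" entry that never becomes complete, points at the add machine script or the LDAP write rather than at the client.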

