Fwd: Re: [Samba] Migrate NT domain 4 to samba

Ivan Ordonez iordonez at nature.berkeley.edu
Fri Mar 24 00:12:56 GMT 2006


I tried "net lookup dc" and samba PDC did not show.

The NT machine we have has been shut down and is not functional 
anymore.  Right now, we only have one Linux box with Gentoo running Samba 
and we want it to be the PDC.

Thanks,
-Ivan

>Subject: Re: [Samba] Migrate NT domain 4 to samba
>To: Ivan Ordonez <iordonez at nature.berkeley.edu>
>From: Donald W Watson <dwatson at us.ibm.com>
>Date: Thu, 23 Mar 2006 15:50:43 -0800
>
>Ivan,
>
>The smb.conf looks fine, nearly identical to mine except I don't have the 
>entry for "netbios name". If "rock" is the name of your samba server this 
>shouldn't make a difference.
>
>As an experiment, have you tried to see if the PDC is visible from another 
>Unix box by using either "net lookup dc" or "nmblookup" (nmbd must be 
>running)? This will help isolate the problem to either the samba PDC 
>itself or something configured on the NT machine.
>
>Sincerely, Don Watson
>Linux Technology and Solutions; Beaverton, OR
>503-578-4861/TL: 775-4861; dwatson at us.ibm.com
>Ivan Ordonez <iordonez at nature.berkeley.edu>
>03/23/2006 03:34 PM
>To: Donald W Watson/Beaverton/IBM at IBMUS
>cc: samba at lists.samba.org
>Subject: Re: [Samba] Migrate NT domain 4 to samba
>
>Hi,
>
>We were finally able to run the "net rpc vampire" command. We created a brand 
>new smb.conf and added some user scripts.
>
>We shut down our NT machine and made samba the PDC. I have created the 
>machine name in samba and created a samba root account as well. When I try 
>to join one machine, the PDC is not found. Somehow, the samba PDC does not 
>know that he is supposed to be a domain controller now that the NT is down.
>
>Anything I need to check or change on my smb.conf?
>
>workgroup = mydomain
>netbios name = rock
>server string = Samba Server %v
>interfaces = eth0
>map to guest = Bad User
>log file = /var/log/samba/log.%m
>max log size = 50
>socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>printcap name = cups
>dns proxy = No
>os level = 65
>passdb expand explicit = no
>passdb backend=tdbsam
>security = user
>local master = yes
>domain master = yes
>preferred master = yes
>domain logons = yes
>password server = pc1
>encrypt passwords = yes
># Scripts for file (passwd, smbpasswd) backend:
>add user script = /usr/sbin/useradd -s /bin/false '%u'
>#delete user script = /usr/sbin/userdel '%s'
>add user to group script = /usr/bin/gpasswd -a '%u' '%g'
>#delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
>set primary group script = /usr/sbin/usermod -g '%g' '%u'
>add group script = /usr/sbin/groupadd %g && getent group '%g'|awk -F: '{print $3}'
>#delete group script = /usr/sbin/groupdel '%g'
>add machine script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M '%u'
>
>Thanks,
>-Ivan
>
>
>
>
>
>At 07:34 AM 3/23/2006, Donald W Watson wrote:
>Ivan,
>I noticed when I did this with the old documentation I had to be very 
>careful reading the chapter and discovering all the necessary 
>instructions. I also noticed that the old documentation states that with 
>ldapsam you should not start samba until after the "net rpc vampire" call, 
>but with tdbsam it states you should start samba before the "net rpc 
>vampire" call.
>
>In the new documentation it looks much simpler 
>(http://us1.samba.org/samba/docs/Samba-HOWTO-Collection.pdf), chapter 35:
>
>- In smb.conf, domain master = no (you already have this).
>- In smb.conf, passdbbackend = tdbsam (you already have this).
>- Samba must not be running.
>- net rpc join -S <NT4 PDC ipaddr> -U Administrator%<Administrator password>
>- net rpc vampire -S <NT4 PDC ipaddr> -U Administrator%<Administrator password>
>- pdbedit -L should now show all the new users.
>
>Maybe this will help.
>Sincerely, Don Watson Linux Technology and Solutions; Beaverton, OR 
>503-578-4861/TL: 775-4861; dwatson at us.ibm.com
>Ivan Ordonez <iordonez at nature.berkeley.edu>
>Sent by: samba-bounces+dwatson=us.ibm.com at lists.samba.org
>03/22/2006 11:54 AM
>To: samba at lists.samba.org
>Subject: [Samba] Migrate NT domain 4 to samba
>
>I have been following Chapter 9 of the Samba-3 by Example book on 
>"How to Migrate NT 4 domain to samba 3" and am not having any luck at all.  
>Somehow the vampire command will not work and gives me an error:
>
>Fetching DOMAIN database
>Failed to fetch domain database: NT_STATUS_ACCESS_DENIED
>
>What I want to accomplish is to remove Windows NT 4.0 server as PDC and 
>make Samba our Primary Domain Controller.
>Also, I'm not sure if I have tdbsam set up correctly.  How do you set it up 
>correctly?  Is there a command I should run or should I just edit the smb.conf 
>file and add tdbsam?  Please see below for my smb.conf configuration.
>
># Global parameters
>[global]
>        workgroup = MyDomain
>        netbios name = rock
>        server string = rock (Samba %v)
>        security = domain
>        interfaces = eth0 192.168.1.2
>        encrypt passwords = yes
>        passdb backend = tdbsam:/var/lib/samba/private/passdb.tdb
>        passdb expand explicit = no
>        log file = /usr/local/var/log/log.smb
>        max log size = 50
>        dns proxy = No
>        wins server = 192.168.1.3
>        name resolve order = wins host lmhosts
>        ldap ssl = no
>        log level = 5 passdb:5 auth:10 winbind:2
>        syslog = 3
>        domain master = no
>        domain logons = no
>
>I sent an email to this list yesterday and I thought I should email back 
>to remind everyone.  I am a total newbie and would like as much help as 
>possible.  Thank you in advance.
>FYI:  As it stands, I have samba as our member server only and am using it to 
>host filesharing.  Our users log in to the domain using domain accounts.
>
>
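
The thread compares two smb.conf states: the settings listed before "net rpc vampire" (domain master = no, tdbsam) and the ones in the later PDC configuration (domain master, domain logons, security = user). The following is an added example, not part of any message in the thread and not Samba tooling: a small checker for both states, where the profile names, the "pdc" profile contents (taken from the second quoted smb.conf) and the sample configs are assumptions constructed here.

```python
# Added example: profiles and sample configs below are constructed from the
# settings quoted in the thread; they are not Samba's own tooling.
def norm(name):
    # Samba ignores case and whitespace inside parameter names, so
    # "passdbbackend" and "passdb backend" name the same parameter.
    return "".join(name.split()).lower()

def parse_global(text):
    """Map normalized name -> value for [global]. Lines before any section
    header count as global, as in a pasted fragment with no header."""
    params, section = {}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def is_yes(value):
    return value.lower() in ("yes", "true", "1")
def is_tdbsam(value):
    return value.lower().startswith("tdbsam")

PROFILES = {  # parameter -> predicate its value must satisfy
    "pre-vampire": {"domain master": lambda v: not is_yes(v),
                    "passdb backend": is_tdbsam},
    "pdc": {"domain master": is_yes, "domain logons": is_yes,
            "security": lambda v: v.lower() == "user",
            "passdb backend": is_tdbsam},
}

def check(text, profile):
    """Names that are unset or do not match (unset is flagged rather than
    trusted to a version-dependent default)."""
    params = parse_global(text)
    return sorted(name for name, ok in PROFILES[profile].items()
                  if norm(name) not in params or not ok(params[norm(name)]))

MEMBER = ("[global]\n  workgroup = MyDomain\n  security = domain\n"
          "  passdb backend = tdbsam:/var/lib/samba/private/passdb.tdb\n"
          "  domain master = no\n  domain logons = no\n")
PDC = ("workgroup = mydomain\npassdb backend=tdbsam\nsecurity = user\n"
       "domain master = yes\ndomain logons = yes\n")

print(check(MEMBER, "pdc"), check(PDC, "pdc"))
```

The checker only reads configuration text; it does not confirm that Samba is stopped or that the domain controller is visible on the network, which the thread tests separately with "net lookup dc" and "nmblookup".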


