[Samba] LDAP/Samba issues when replacing server

dahopkins at comcast.net dahopkins at comcast.net
Thu Sep 21 02:48:45 GMT 2006

I hope that someone can let me know what I have done wrong.

I need to replace and existing server (server1) with a new server (server2).  Server1 is currently running LDAP/Samba (3.0.14).  Profiles stored in /opt/samba/profiles

I installed all of the pieces, and LDAP works (mostly, I have an issue, see below)

I ran net getlocalsid DOMAINNAME on server1  
used the SID value in net setlocalsid command on the new server.

I then tried to import the old ldif but got errors about existing keys, so deleted the ldap database, and then imported the ldif obtained from server1 without errors.

Checked with net getlocalsid DOMAINNAME that the SID returned was correct. Tried net getlocalsid which returned the same SID but for the local machine name (server2).  Finally, net rpc getsid also reports the correct SID as being placed in the secrets.tbd file on server2. (The above is slightly different than on server1 for which net getlocalsid just returned an error about not being able to get the name).  The two servers are at different versions of samba though.  Old is at 3.0.14, while new is 3.0.23a, so perhaps this is to be expected.

I can log on with any of the Linux LDAP accounts. BUT .... still have issue with Samba.  In particular, none of the old profiles are recognized.  I tried both nfs mounting /opt/samba to server1:/opt/samba as well as copying all of /opt/samba to the new server.  When I log onto a Windows TS new profiles are created which is an issue since there are a couple of packages that have to be customized.  In particular, every student has a TTL3.ini file in their WINDOWS directory (e.g. /home/student01/WINDOWS/TTL3.ini)  With the old server, this file directory is recognized and the ini settings are applied.  With the new server they are not.

Additionally, on the Linux system,  su - student01 just hangs.  Same with any account.

Similarly, running 

passwd dahopkins returns

Changing password for user dahopkins.
passwd: Authentication token manipulation error

I guess things just aren't quite right yet. :0

So, can someone point me direction or offer a reason why the new server does not look the same to the Windows Terminal Server as far as account profiles are concerned?

Dave Hopkins
Newark Charter School
Newark Delaware

More information about the samba mailing list