[Samba] New samba server
sgmayo at mail.bloomfield.k12.mo.us
Wed Jul 29 19:46:50 MDT 2009
sgmayo at mail.bloomfield.k12.mo.us wrote:
>
> sgmayo at mail.bloomfield.k12.mo.us wrote:
>>
>> sgmayo at mail.bloomfield.k12.mo.us wrote:
>>>
>>> sgmayo at mail.bloomfield.k12.mo.us wrote:
>>>> I did not get this finished last summer, so decided to just wait and do
>>>> it this summer. I have set up my new samba server and was trying to get
>>>> some things tweaked to the way that I want them. I thought that I had
>>>> asked this before and that I could do it, but it seems that it does not
>>>> work.
>>>>
>>>> My new server is running as a domain server just like the old. It has
>>>> the same domain name and I changed the SID using net setlocalsid to
>>>> the same sid number as my old server. This new server is in a test
>>>> environment right now.
>>>>
>>>> I was hoping that my old machines could just log into this server
>>>> without having to get out of the domain and then rejoin it, but that
>>>> does not work. It tells me that the domain is not there until I get out
>>>> of the old one and then rejoin the new one. Is that how it has to
>>>> work? I was hoping I would not have to do that if I left the domain
>>>> name the same and set the SID on the new server. I just want to make
>>>> sure I am not missing something before I go around to all 400 computers
>>>> on campus and have them removed and rejoined to the domain.
>>>
>>> Mr. Terpstra gave me a bit of help. I had done nothing to set my
>>> domainsid, but after doing the following:
>>>
>>> net getlocalsid
>>> net getdomainsid
>>>
>>> The values are the same on both the old and the new samba server. This
>>> new server will take the place of my old one. Right now it is on a
>>> network with nothing else on it besides one of my old windows clients. If
>>> I remove one of my old clients from the domain and then re-add it, then it
>>> logs in just fine. If I take an old client from my current network and
>>> put it on this new network and try to login to the new samba server then
>>> it gives me the typical:
>>>
>>> "Windows cannot connect to the domain either because the domain controller
>>> is down or otherwise unavailable, or because your computer account was not
>>> found. Please try again later. If this message continues to appear contact
>>> your System Administrator for assistance."
>>>
>>> The name of the Windows machine is business18 so I did an
>>> 'smbldap-adduser -w business18$' to make sure the machine account was
>>> added in to the directory, but the error was the same. I even changed the
>>> uid of the machine account to match the old one in case that was coming
>>> into play.
>>>
>>> Here is my samba config in case someone sees something that I don't.
>>> Which is quite possible since I forget more than I learn it seems. :)
>>> I'll be reading on the How-To to see if I can pick anything else up.
>>>
>>> [global]
>>> workgroup = BES
>>> server string = Samba Server Version %v
>>> netbios name = SCHOOL
>>>
>>> interfaces = lo eth0
>>> hosts allow = 127. 10.0. 192.168.0. localhost
>>> ldap passwd sync = Yes
>>> ldap admin dn = cn=Manager,dc=school,dc=bloomfield.k12.mo.us
>>> ldap suffix = dc=school1,dc=bloomfield.k12.mo.us
>>> ldap group suffix = ou=Groups
>>> ldap user suffix = ou=Users
>>> ldap machine suffix = ou=Computers
>>> ldap idmap suffix = ou=Users
>>> add machine script = /usr/sbin/smbldap-useradd -w "%u"
>>> add user script = /usr/sbin/smbldap-useradd -m "%u"
>>> ldap delete dn = Yes
>>> add group script = /usr/sbin/smbldap-groupadd -p "%g"
>>> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>>> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>>> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>>>
>>> Dos charset = 850
>>> Unix charset = ISO8859-1
>>>
>>>
>>> log file = /var/log/samba/log.%m
>>> max log size = 50
>>>
>>> security = user
>>> passdb backend = ldapsam:ldap://127.0.0.1
>>>
>>> domain master = yes
>>> domain logons = yes
>>>
>>> local master = yes
>>> os level = 65
>>> preferred master = yes
>>>
>>> wins support = yes
>>> dns proxy = no
>>>
>>> load printers = yes
>>> cups options = raw
>>>
>>> [homes]
>>> comment = Home Directories
>>> browseable = no
>>> writable = yes
>>>
>>> [printers]
>>> comment = All Printers
>>> path = /var/spool/samba
>>> browseable = no
>>> guest ok = no
>>> writable = no
>>> printable = yes
>>>
>>
>> Well, I am getting ready to take the other server offline and put the new
>> one in place. I am planning on just removing all my machines from the
>> domain and adding them back in to get everything to work, though I would
>> prefer not to do this.
>>
>> I am just not sure where else to look. Thought I would post one last
>> time. I figure that most of this comes from me not knowing a lot about
>> ldap and how samba interacts with it. I am still learning.
>>
>> The passwords on the new server are different than the old. Does that
>> have any effect on it? Do the passwords have to be the same when it comes
>> to the new machine being added in? I did not think that would matter, but
>> maybe it does. If it does then that would mean that the XP machines
>> somehow saved the password that was used when the machine joined the
>> domain.
>>
>> Thanks for any info. I'll play with this some tonight, but if I don't
>> figure it out, I'll just do as I planned and remove all machines from the
>> domain and add them back in.
>
> I have messed with this for another 3 hours and have searched everything
> that I know to search on the net. Found lots of good hints, but nothing
> has worked. I was going to maybe try to slapcat just one computer account
> and then slapadd it back in to see if that would work and if it would then
> I would do all computer accounts.
>
> For some reason there is no '-a' version on my old server even though the
> manpage shows slapcat(8C) on both servers. I did a slapcat and just
> deleted everything down to and past the computers entry, but then noticed
> the creatorsName and the modifiersName.
>
> Those are both:
> cn: Manager, dc=old-server-name,dc=org
>
> My new server has a different name, so when I slapadd this back in, is
> that going to cause problems?
>
> I know that is more of an ldap question, but thought someone could
> enlighten me on it here. If I could just get this server to accept
> computers without removing/re-adding to the domain, it would save me a
> world of time.
>
Well, I decided to try it so I changed the old-server-name to the
new-server-name in my ldif file and slapadded it into my directory. I get
the same thing that the domain cannot be found or the machine account is
missing. I will just add the new server in tomorrow and then go around
backing up profiles, removing the machine from the domain and then add it
back in. I like samba, but it hates me I guess. ;)
Thanks for the help.
--
Scott Mayo - System Administrator
Bloomfield Schools
PH: 573-568-5669 FA: 573-568-4565
Question: Because it reverses the logical flow of conversation.
Answer: Why is putting a reply at the top of the message frowned upon?
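
The check the messages above attempt by hand (slapcat one computer account, slapadd it into the new directory, then wonder what still differs), as an added example that is not part of the original post: it parses two slapcat exports and reports which Samba attributes of one machine account differ, ignoring operational attributes such as creatorsName. The compared attribute list, the function names and the sample LDIF are assumptions constructed for illustration.

```python
import base64

# Attributes of a Samba ldapsam machine account worth comparing after a
# slapcat/slapadd move; operational ones (creatorsName, ...) are ignored.
COMPARE = ("uid", "uidNumber", "sambaSID", "sambaNTPassword", "sambaAcctFlags")

def parse_ldif(text):
    """Return {lowercased uid: {attr: [values]}} from slapcat-style LDIF."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # unfold a continuation line
        else:
            lines.append(raw)
    entries, entry = {}, {}
    for line in lines + [""]:                 # trailing "" flushes last entry
        if not line.strip():
            if "uid" in entry:
                entries[entry["uid"][0].lower()] = entry
            entry = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):         # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr, []).append(value.strip())
    return entries

def diff_account(old_ldif, new_ldif, uid):
    """Return {attr: (old, new)} for compared attributes that differ."""
    old = parse_ldif(old_ldif).get(uid.lower())
    new = parse_ldif(new_ldif).get(uid.lower())
    if old is None or new is None:
        return {"missing": "old" if old is None else "new"}
    return {a: (old.get(a), new.get(a)) for a in COMPARE if old.get(a) != new.get(a)}

# Constructed sample exports (values are made up, not taken from the thread).
OLD = """dn: uid=business18$,ou=Computers,dc=example,dc=org
uid: business18$
uidNumber: 1018
sambaSID: S-1-5-21-1111111111-2222222222-
 3333333333-3036
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF
sambaAcctFlags: [W          ]
creatorsName: cn=Manager,dc=old-server-name,dc=org
"""
NEW = OLD.replace("0123456789ABCDEF0123456789ABCDEF",
                  "FEDCBA9876543210FEDCBA9876543210").replace(
                  "old-server-name", "new-server-name").replace("-\n 3", "-3")

if __name__ == "__main__":
    print(diff_account(OLD, NEW, "BUSINESS18$"))
```

Feed it the output of slapcat from each server; an empty result means the compared attributes of that machine account are identical in both directories.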