[Samba] New samba server

sgmayo at mail.bloomfield.k12.mo.us sgmayo at mail.bloomfield.k12.mo.us
Wed Jul 29 19:46:50 MDT 2009 

sgmayo at mail.bloomfield.k12.mo.us wrote:
>
> sgmayo at mail.bloomfield.k12.mo.us wrote:
>>
>> sgmayo at mail.bloomfield.k12.mo.us wrote:
>>>
>>> sgmayo at mail.bloomfield.k12.mo.us wrote:
>>>> I did not get this finished last summer, so decided to just wait and
>>>> do
>>>> it this summer.  I have setup my new samba server and was trying to
>>>> get
>>>> some things tweaked to the way that I want them.  I thought that I had
>>>> asked this before and that I could do it, but it seems that it does
>> not >> work.
>>>>
>>>> My new server is running as a domain server just like the old.  It has
>>>> the same domain name and I change the the SID using net setlocalsid
>> to >> the same sid number as my old server.  This new server is in a
>> test
>>>> environment right now.
>>>>
>>>> I was hoping that my old machines could just log into this server
>>>> without having to get out of the domain and then rejoin it, but that
>>>> does not work.  It tells me that the domain is not there until I get
>> out >> of the old one and then rejoin the new one.  Is that how it has
>> to
>>>> work?  I was hoping I would not have to do that if I left the domain
>>>> name the same and set the SID on the new server.  I just want to make
>>>> sure I am not missing something before I go around to all 400
>>>> computers
>>>> on campus and have them removed and rejoined to the domain.
>>>
>>> Mr. Terpstra gave me a bit of help.  I had done nothing to set my
>>> domainsid, but after doing the following:
>>>
>>> net getlocalsid
>>> net getdomainsid
>>>
>>> The values are the same on both the old and the new samba server.  This
>>> new server will take the place of my old one.  Right now it is on a
>>> network with nothing else on it besides one of my old windows clients.
>>> If
>>> I remove one of my old clients from the domain and then re-add it, then
>>> it
>>> logs in just fine.  If I take an old client from my current network and
>>> put it on this new network and try to login to the new samba server
>>> then
>>> it gives me the typical:
>>>
>>> "Windows cannot connect to the domain either because the domain
>>> controller
>>> is down or otherwise unavailable, or because your computer account was
>>> not
>>> found. Please try again later. If this message continues to appear
>>> contact
>>> your System Administrator for assistance."
>>>
>>> The name of the Windows machine is business18 so I did an
>>> 'smbldap-adduser
>>> -w business18$' to make sure the machine account was added in to the
>>> directory, but the error was the same.  I even changed the uid of the
>>> machine account to match the old one in case that was coming into play.
>>>
>>> Here is my samba config in case someone sees something that I don't.
>>> Which is quite possible since I forget more than I learn it seems. :)
>>> I'll be reading on the How-To to see if I can pick anything else up.
>>>
>>> [global]
>>> 	workgroup = BES
>>> 	server string = Samba Server Version %v
>>> 	netbios name = SCHOOL
>>>
>>> 	interfaces = lo eth0
>>> 	hosts allow = 127. 10.0. 19 2.168.0. localhost
>>> 	ldap passwd sync = Yes
>>> 	ldap admin dn = cn=Manager,dc=school,dc=bloomfield.k12.mo.us
>>> 	ldap suffix = dc=school1,dc=bloomfield.k12.mo.us
>>> 	ldap group suffix = ou=Groups
>>> 	ldap user suffix = ou=Users
>>> 	ldap machine suffix = ou=Computers
>>> 	ldap idmap suffix = ou=Users
>>> 	add machine script = /usr/sbin/smbldap-useradd -w "%u"
>>> 	add user script = /usr/sbin/smbldap-useradd -m "%u"
>>> 	ldap delete dn = Yes
>>> 	add group script = /usr/sbin/smbldap-groupadd -p "%g"
>>> 	add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>>> 	delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
>>> "%g"
>>> 	set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>>>
>>> 	Dos charset = 850
>>> 	Unix charset = ISO8859-1
>>>
>>>
>>> 	log file = /var/log/samba/log.%m
>>> 	max log size = 50
>>>
>>> 	security = user
>>> 	passdb backend = ldapsam:ldap://127.0.0.1
>>>
>>> 	domain master = yes
>>> 	domain logons = yes
>>>
>>> 	local master = yes
>>> 	os level = 65
>>> 	preferred master = yes
>>>
>>> 	wins support = yes
>>> 	dns proxy = no
>>>
>>> 	load printers = yes
>>> 	cups options = raw
>>>
>>> [homes]
>>> 	comment = Home Directories
>>> 	browseable = no
>>> 	writable = yes
>>>
>>> [printers]
>>> 	comment = All Printers
>>> 	path = /var/spool/samba
>>> 	browseable = no
>>> 	guest ok = no
>>> 	writable = no
>>> 	printable = yes
>>>
>>
>> Well, I am getting ready to take the other server offline and put the
>> new
>> one in place.  I am planning on just removing all my machines from the
>> domain and adding them back in to get everything to work, though I would
>> prefer not to do this.
>>
>> I am just not sure where else to look.  Thought I would post one last
>> time.  I figure that most of this comes from me not knowing a lot about
>> ldap and how samba interacts with it.  I am still learning.
>>
>> The passwords on the new server are different than the old.  Does that
>> have any affect on it?  Do the passwords have to be the same when it
>> comes
>> to the new machine being added in?  I did not think that would matter,
>> but
>> maybe it does.  If it does then that would mean taht the XP machines
>> somehow saved the password that was used when the machine joined the
>> domain.
>>
>> Thanks for any info.  I'll play with this some tonight, but if I don't
>> figure it out, I'll just do as I planned and remove all mahcines from
>> the
>> domain and add them back in.
>
> I have messed with this for another 3 hours and have searched everything
> that I know to search on the net.  Found lots of good hints, but nothing
> has worked.  I was going to maybe try to slapcat just one computer account
> and then slapadd it back in to see if that would work and if it would then
> I would do all computer accounts.
>
> For some reason there is no '-a' version on my old server even though the
> manpage shows slapcat(8C) on both servers.  I did a slap cat and just
> deleted everything down to and past the computers entry, but then noticed
> the creatorsName and the modifiersName.
>
> Those are both:
> cn: Manager, dc=old-server-name,dc=org
>
> My new server has a different name, so when I slapadd this back in, is
> that going to cause problems?
>
> I know that is more of an ldap question, but thought someone could
> enlighten me on it here.  If I could just get this server to accept
> computers without removing/re-adding to the domain, it would save me a
> world of time.
>

Well, I decided to try it so I changed the old-server-name to the
new-server-name in my ldif file and slapadded it into my directory.  I get
the same thing that the domain cannot be found or the machine account is
missing.  I will just add the new server in tomorrow and then go around
backing up profiles, removing the machine from the domain and then add it
back in.  I like samba, but it hates me I guess. ;)

Thanks for the help.

-- 
Scott Mayo - System Administrator
Bloomfield Schools
PH: 573-568-5669  FA: 573-568-4565

Question: Because it reverses the logical flow of conversation.
Answer: Why is putting a reply at the top of the message frowned upon?

More information about the samba mailing list