[Samba] Help with migration
Gaiseric Vandal
gaiseric.vandal at gmail.com
Mon May 7 07:25:21 MDT 2012
You may want to set up a test environment.
I have not been able to get NTLMv2 working properly. I believe
enabling NTLMv2 should still systems to negotiate ver 2 but that didn't
happen- at least I was unable to login from a Windows 2003 client with
a samba PDC. NTLMv2 uses better encryption for authenticating the
users than NTLM v1 but I am not sure if the actual password itself gets
store differently in LDAP. I think the same hash mechanism is used to
store the password.
I upgrade from samba 3.0.x to samba 3.4.x. (both with LDAP backend.)
I believe some of the issues I found were
- the nobody user and nobody group need to be explicitly mapped
- some functionality with domain trusts were fixed, others broken
- I may have needed to explicitly grant privilegedes to the Domain
Administrators group. (But that may have been because I initially mixed
up the group mapping for some groups.)
At some point joining machines to the domain got a little trickier. I
need to make sure that some samba attributes were precreated
type: sambaPrimaryGroupSID
value: S-1-5-21-XXX-XXX-XXX-515
type: sambaAccountFlags
value: [W ]
I am not sure if this issue happened with samba 3.4.x or would have
happened in 3.1.x, 3.2x or 3.3.x. It may also be a schema checking
hiccup on the LDAP server.
On 05/07/12 05:54, Denis Fateyev wrote:
> Hello Alejandro,
>
> Probably to check all the details you need to create a build environment,
> at first. It's the general advice. As for your question, I had samba-3.5
> server (upgraded from 3.0.28) which was able to authenticate all windows:
> from win98 to win7 (domain members). So I think it's possible to do.
> Actually I cannot recall any problems I had during the upgrade process,
> except very little ones. I used 'SerNet' samba builds (btw, many thanks to
> them!)
>
> ---
> wbr, Denis.
>
>
> On Fri, May 4, 2012 at 8:17 PM, Alejandro Iacobelli <
> aiacobelli at khutech.com.ar> wrote:
>
>> Hello to all, my name is Alejandro and I have a little question to anyone
>> of this list.
>>
>> I´ve created ,6 years ago, an ldap+smb proyect for a big company. Back
>> then, samba (Lenny server) only worked with NT hashes but now (Squeeze
>> server) they want to authenticate with Win7 (ntlm2 protocols) And
>> configurating windows7 to accept old NT hashes is not an exit. I want to
>> update ONLY the smb package from samba (2:3.2.5-4lenny15) to samba
>> (2:3.5.6~dfsg-3squeeze8).
>> PD: I'm using an OLD and modified by myself openldap version so i cant
>> touch it.
>>
>> My question is this:
>>
>>
>> Have someone of you did this kind of migration any time? can you give me
>> advices?
>>
>> i need to know if something could go wrong in the relation with openldap.
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list