Have you migrated the user data to the new LDAP server? Unless Samba
knows about the users, they won't be able to log in.

On Tue, Jul 14, 2009 at 1:28 PM, <sgm...@mail.bloomfield.k12.mo.us> wrote:
>
> sgm...@mail.bloomfield.k12.mo.us wrote:
>> I did not get this finished last summer, so decided to just wait and do it
>> this summer.  I have set up my new samba server and was trying to get some
>> things tweaked to the way that I want them.  I thought that I had asked
>> this before and that I could do it, but it seems that it does not work.
>>
>> My new server is running as a domain server just like the old.  It has the
>> same domain name and I changed the SID using net setlocalsid to the
>> same sid number as my old server.  This new server is in a test
>> environment right now.
>>
>> I was hoping that my old machines could just log into this server without
>> having to get out of the domain and then rejoin it, but that does not
>> work.  It tells me that the domain is not there until I get out of the old
>> one and then rejoin the new one.  Is that how it has to work?  I was
>> hoping I would not have to do that if I left the domain name the same and
>> set the SID on the new server.  I just want to make sure I am not missing
>> something before I go around to all 400 computers on campus and have them
>> removed and rejoined to the domain.
>
> Mr. Terpstra gave me a bit of help.  I had done nothing to set my
> domainsid, but after doing the following:
>
> net getlocalsid
> net getdomainsid
>
> The values are the same on both the old and the new samba server.  This
> new server will take the place of my old one.  Right now it is on a
> network with nothing else on it besides one of my old windows clients.  If
> I remove one of my old clients from the domain and then re-add it, then it
> logs in just fine.  If I take an old client from my current network and
> put it on this new network and try to login to the new samba server then
> it gives me the typical:
>
> "Windows cannot connect to the domain either because the domain controller
> is down or otherwise unavailable, or because your computer account was not
> found. Please try again later. If this message continues to appear contact
> your System Administrator for assistance."
>
> The name of the Windows machine is business18 so I did an 'smbldap-adduser
> -w business18$' to make sure the machine account was added in to the
> directory, but the error was the same.  I even changed the uid of the
> machine account to match the old one in case that was coming into play.
>
> Here is my samba config in case someone sees something that I don't.
> Which is quite possible since I forget more than I learn it seems. :)
> I'll be reading on the How-To to see if I can pick anything else up.
>
> [global]
>        workgroup = BES
>        server string = Samba Server Version %v
>        netbios name = SCHOOL
>
>        interfaces = lo eth0
>        hosts allow = 127. 10.0. 192.168.0. localhost
>        ldap passwd sync = Yes
>        ldap admin dn = cn=Manager,dc=school,dc=bloomfield.k12.mo.us
>        ldap suffix = dc=school1,dc=bloomfield.k12.mo.us
>        ldap group suffix = ou=Groups
>        ldap user suffix = ou=Users
>        ldap machine suffix = ou=Computers
>        ldap idmap suffix = ou=Users
>        add machine script = /usr/sbin/smbldap-useradd -w "%u"
>        add user script = /usr/sbin/smbldap-useradd -m "%u"
>        ldap delete dn = Yes
>        add group script = /usr/sbin/smbldap-groupadd -p "%g"
>        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>
>        Dos charset = 850
>        Unix charset = ISO8859-1
>
>
>        log file = /var/log/samba/log.%m
>        max log size = 50
>
>        security = user
>        passdb backend = ldapsam:ldap://127.0.0.1
>
>        domain master = yes
>        domain logons = yes
>
>        local master = yes
>        os level = 65
>        preferred master = yes
>
>        wins support = yes
>        dns proxy = no
>
>        load printers = yes
>        cups options = raw
>
> [homes]
>        comment = Home Directories
>        browseable = no
>        writable = yes
>
> [printers]
>        comment = All Printers
>        path = /var/spool/samba
>        browseable = no
>        guest ok = no
>        writable = no
>        printable = yes
>
>
> --
> Scott Mayo - System Administrator
> Bloomfield Schools
> PH: 573-568-5669  FA: 573-568-4565
>
> Question: Because it reverses the logical flow of conversation.
> Answer: Why is putting a reply at the top of the message frowned upon?
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
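
Added example, not part of the original thread: a small Python check that reads the [global] LDAP parameters of the configuration quoted above and returns the full DNs under which Samba will look for user and machine accounts, flagging an admin DN that does not sit under "ldap suffix". The sample input is a constructed, trimmed copy of the posted values and the function names are hypothetical; an admin DN outside the suffix can be legitimate, so the finding is a prompt to verify against the directory, not a verdict.

```python
# Constructed sample: trimmed copy of the [global] values quoted in the thread.
SAMPLE = """
[global]
    workgroup = BES
    ldap admin dn = cn=Manager,dc=school,dc=bloomfield.k12.mo.us
    ldap suffix = dc=school1,dc=bloomfield.k12.mo.us
    ldap group suffix = ou=Groups
    ldap user suffix = ou=Users
    ldap machine suffix = ou=Computers
    ldap idmap suffix = ou=Users
    passdb backend = ldapsam:ldap://127.0.0.1
"""

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict (names lower-cased)."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def rdns(dn):
    """Split a DN into normalised RDNs (naive: assumes no escaped commas)."""
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def review_ldap(text):
    """Compute the effective search bases and list settings worth a second look."""
    g = parse_global(text)
    suffix = g.get("ldap suffix", "")
    report = {"bases": {}, "findings": []}
    if not g.get("passdb backend", "").startswith("ldapsam"):
        report["findings"].append("passdb backend is not ldapsam")
    for name in ("user", "machine", "group", "idmap"):
        rel = g.get(f"ldap {name} suffix", "")
        # Samba treats these four suffixes as relative to "ldap suffix".
        report["bases"][name] = f"{rel},{suffix}" if rel else suffix
    admin, base = rdns(g.get("ldap admin dn", "")), rdns(suffix)
    if admin and base and admin[-len(base):] != base:
        report["findings"].append("ldap admin dn is not under ldap suffix")
    return report

if __name__ == "__main__":
    print(review_ldap(SAMPLE))
```

The "machine" base in the result is where a machine account such as business18$ has to exist for the new server to find it.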