sgm...@mail.bloomfield.k12.mo.us wrote:
>
> sgm...@mail.bloomfield.k12.mo.us wrote:
>>
>> sgm...@mail.bloomfield.k12.mo.us wrote:
>>> I did not get this finished last summer, so decided to just wait and do
>>> it this summer. I have set up my new samba server and was trying to get
>>> some things tweaked to the way that I want them. I thought that I had
>>> asked this before and that I could do it, but it seems that it does not
>>> work.
>>>
>>> My new server is running as a domain server just like the old. It has
>>> the same domain name and I changed the SID using net setlocalsid to
>>> the same sid number as my old server. This new server is in a test
>>> environment right now.
>>>
>>> I was hoping that my old machines could just log into this server
>>> without having to get out of the domain and then rejoin it, but that
>>> does not work. It tells me that the domain is not there until I get out
>>> of the old one and then rejoin the new one. Is that how it has to
>>> work? I was hoping I would not have to do that if I left the domain
>>> name the same and set the SID on the new server. I just want to make
>>> sure I am not missing something before I go around to all 400 computers
>>> on campus and have them removed and rejoined to the domain.
>>
>> Mr. Terpstra gave me a bit of help. I had done nothing to set my
>> domainsid, but after doing the following:
>>
>> net getlocalsid
>> net getdomainsid
>>
>> The values are the same on both the old and the new samba server. This
>> new server will take the place of my old one. Right now it is on a
>> network with nothing else on it besides one of my old windows clients.
>> If I remove one of my old clients from the domain and then re-add it,
>> then it logs in just fine. If I take an old client from my current
>> network and put it on this new network and try to login to the new samba
>> server then it gives me the typical:
>>
>> "Windows cannot connect to the domain either because the domain
>> controller is down or otherwise unavailable, or because your computer
>> account was not found. Please try again later. If this message continues
>> to appear contact your System Administrator for assistance."
>>
>> The name of the Windows machine is business18 so I did an
>> 'smbldap-adduser -w business18$' to make sure the machine account was
>> added in to the directory, but the error was the same. I even changed
>> the uid of the machine account to match the old one in case that was
>> coming into play.
>>
>> Here is my samba config in case someone sees something that I don't.
>> Which is quite possible since I forget more than I learn it seems. :)
>> I'll be reading on the How-To to see if I can pick anything else up.
>>
>> [global]
>>    workgroup = BES
>>    server string = Samba Server Version %v
>>    netbios name = SCHOOL
>>
>>    interfaces = lo eth0
>>    hosts allow = 127. 10.0. 192.168.0. localhost
>>    ldap passwd sync = Yes
>>    ldap admin dn = cn=Manager,dc=school,dc=bloomfield.k12.mo.us
>>    ldap suffix = dc=school1,dc=bloomfield.k12.mo.us
>>    ldap group suffix = ou=Groups
>>    ldap user suffix = ou=Users
>>    ldap machine suffix = ou=Computers
>>    ldap idmap suffix = ou=Users
>>    add machine script = /usr/sbin/smbldap-useradd -w "%u"
>>    add user script = /usr/sbin/smbldap-useradd -m "%u"
>>    ldap delete dn = Yes
>>    add group script = /usr/sbin/smbldap-groupadd -p "%g"
>>    add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>>    delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>>    set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>>
>>    Dos charset = 850
>>    Unix charset = ISO8859-1
>>
>>    log file = /var/log/samba/log.%m
>>    max log size = 50
>>
>>    security = user
>>    passdb backend = ldapsam:ldap://127.0.0.1
>>
>>    domain master = yes
>>    domain logons = yes
>>
>>    local master = yes
>>    os level = 65
>>    preferred master = yes
>>
>>    wins support = yes
>>    dns proxy = no
>>
>>    load printers = yes
>>    cups options = raw
>>
>> [homes]
>>    comment = Home Directories
>>    browseable = no
>>    writable = yes
>>
>> [printers]
>>    comment = All Printers
>>    path = /var/spool/samba
>>    browseable = no
>>    guest ok = no
>>    writable = no
>>    printable = yes
>>
>
> Well, I am getting ready to take the other server offline and put the new
> one in place. I am planning on just removing all my machines from the
> domain and adding them back in to get everything to work, though I would
> prefer not to do this.
>
> I am just not sure where else to look. Thought I would post one last
> time. I figure that most of this comes from me not knowing a lot about
> ldap and how samba interacts with it. I am still learning.
>
> The passwords on the new server are different than the old. Does that
> have any effect on it? Do the passwords have to be the same when it comes
> to the new machine being added in? I did not think that would matter, but
> maybe it does. If it does then that would mean that the XP machines
> somehow saved the password that was used when the machine joined the
> domain.
>
> Thanks for any info. I'll play with this some tonight, but if I don't
> figure it out, I'll just do as I planned and remove all machines from the
> domain and add them back in.

I have messed with this for another 3 hours and have searched everything
that I know to search on the net. Found lots of good hints, but nothing
has worked.

I was going to maybe try to slapcat just one computer account and then
slapadd it back in to see if that would work and if it would then I would
do all computer accounts. For some reason there is no '-a' version on my
old server even though the manpage shows slapcat(8C) on both servers. I did
a slapcat and just deleted everything down to and past the computers entry,
but then noticed the creatorsName and the modifiersName. Those are both:

cn: Manager, dc=old-server-name,dc=org

My new server has a different name, so when I slapadd this back in, is that
going to cause problems? I know that is more of an ldap question, but
thought someone could enlighten me on it here.

If I could just get this server to accept computers without
removing/re-adding to the domain, it would save me a world of time.

Thanks again.

--
Scott Mayo - System Administrator
Bloomfield Schools
PH: 573-568-5669
FA: 573-568-4565

Question: Because it reverses the logical flow of conversation.
Answer: Why is putting a reply at the top of the message frowned upon?
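
The hand-trimming step described in the message above (keeping only the computer entries from slapcat output and dealing with creatorsName and modifiersName) can be scripted. This is an added example, not part of the original post: the function names, the sample LDIF and its SID value are constructed, and machine DNs are assumed to be plain ASCII with no base64 `dn::` lines.

```python
# Attributes slapd maintains itself; slapcat exports them with every entry.
OPERATIONAL = {"creatorsname", "modifiersname", "createtimestamp", "modifytimestamp",
               "entryuuid", "entrycsn", "structuralobjectclass"}

def parse_ldif(text):
    """Split LDIF into entries, each a list of unfolded 'attr: value' lines."""
    entries, current = [], []
    for line in text.splitlines():
        if line.startswith(" ") and current:   # folded continuation line
            current[-1] += line[1:]
        elif not line.strip():                 # blank line ends an entry
            if current:
                entries.append(current)
            current = []
        elif not line.startswith("#"):         # skip LDIF comments
            current.append(line)
    return entries + ([current] if current else [])

def computers_only(text, computers_ou):
    """Return LDIF for the entries below computers_ou, minus OPERATIONAL."""
    suffix = "," + computers_ou.lower().replace(" ", "")
    kept = []
    for entry in parse_ldif(text):
        head = entry[0].lower().replace(" ", "")   # crude DN normalisation
        if not (head.startswith("dn:") and head.endswith(suffix)):
            continue                               # also skips the OU entry itself
        kept.append("\n".join(l for l in entry
                              if l.split(":", 1)[0].lower() not in OPERATIONAL))
    return "".join(e + "\n\n" for e in kept)

# Constructed, abbreviated stand-in for slapcat output (not taken from the thread).
SAMPLE = """\
dn: uid=teacher1,ou=Users,dc=old-server-name,dc=org
creatorsName: cn=Manager,dc=old-server-name,dc=org

dn: ou=Computers,dc=old-server-name,dc=org
ou: Computers

dn: uid=business18$,ou=Computers,dc=old-server-name,dc=org
objectClass: sambaSamAccount
uid: business18$
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3036
creatorsName: cn=Manager,dc=old-server-name,
 dc=org
modifiersName: cn=Manager,dc=old-server-name,dc=org
"""

if __name__ == "__main__":
    print(computers_only(SAMPLE, "ou=Computers,dc=old-server-name,dc=org"), end="")
```

The filtered output still carries each machine's sambaSID and other Samba attributes unchanged, so it can be compared entry by entry against what the new directory holds before anything is loaded.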