Greetings! It was premature of me to send out a "success procedure for migration" yesterday. I overlooked things and I apologize to this group.

Anyway, after migration, computers, users, groups are all created and filled up with the correct membership. However, I still have the same problem with machine password and user password. Looking further into the detail, it looks like samba/ldap does not use the LM/NT password for authentication but expects userPassword, which I assume is the posix account password and did not exist on the original NT4 server. Here is my account entry after the migration:

======================================================
dn: uid=ksun,ou=Users,dc=ab,dc=com
objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount
cn: ksun
sn: ksun
uid: ksun
uidNumber: 1870
gidNumber: 513
homeDirectory: /u/ksun
loginShell: /bin/tcsh
gecos: System User
description: System User
userPassword: {crypt}x
sambaSID: S-1-5-21-72881033-379349262-1855928443-5162
sambaPrimaryGroupSID: S-1-5-21-72881033-379349262-1855928443-513
sambaLogonTime: 1090859130
sambaLMPassword: D2C0998710B6D0D260086A4D2CF0CF0E
sambaNTPassword: 0457C29D84903BB202DDD57B9958F67A
sambaPwdLastSet: 1069686468
sambaAcctFlags: [NU ]
=======================================================

It looks like the migration does create the LM password and NT password. However, I cannot log in to my account unless I change my password.

This is how my account looks after "smbldap-passwd ksun" to the original password:

---------------------------------------------------------------------------------
dn: uid=ksun,ou=Users,dc=ab,dc=com
objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount
cn: ksun
sn: ksun
uid: ksun
uidNumber: 1870
gidNumber: 513
homeDirectory: /u/ksun
loginShell: /bin/tcsh
gecos: System User
description: System User
sambaSID: S-1-5-21-72881033-379349262-1855928443-5162
sambaPrimaryGroupSID: S-1-5-21-72881033-379349262-1855928443-513
sambaLogonTime: 1090859130
sambaLMPassword: D2C0998710B6D0D260086A4D2CF0CF0E
sambaAcctFlags: [U]
sambaNTPassword: 0457C29D84903BB202DDD57B9958F67A
sambaPwdLastSet: 1090946249
sambaPwdMustChange: 1094834249
userPassword: {MD5}oL1Na14I3VPzA6/fq8Wx5Q==
---------------------------------------------------------------------------------

Look at the difference between these two outputs:

+++++++++++++++++++++++++++++++++++++++++++++++
12d11
< userPassword: {crypt}x
16a16
> sambaAcctFlags: [U]
18,19c18,20
< sambaPwdLastSet: 1069686468
< sambaAcctFlags: [NU ]
---
> sambaPwdLastSet: 1090946249
> sambaPwdMustChange: 1094834249
> userPassword: {MD5}oL1Na14I3VPzA6/fq8Wx5Q==
+++++++++++++++++++++++++++++++++++++++++++++++

Surprisingly, neither the NT nor the LM password changed. The difference is the "userPassword", which I assume is the posix account password, which does not exist in the old NT PDC at all! Of course the migration won't have the right password. I do have "ldap passwd sync = Yes" in my smb.conf file. My questions are:

1. Why does samba/ldap authenticate using the posix password instead of the LM/NT passwords?
2. Does it synchronize the userPassword password to the NT/LM password or the other way around?
3. When does the synchronization happen or get triggered?
4. Is there a way of manually "copying" the LM/NT password to the userPassword field?

The other difference is the change of the sambaAcctFlag: [U ] instead of [NU ]. I wonder if that changes anything. Thanks!

-- Kang
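
An added example, not part of the original post: a line-based diff reports `sambaAcctFlags` as both moved and changed, so this sketch compares two LDIF entries attribute by attribute, decodes base64 (`attr::`) values, and expands `sambaAcctFlags` letters using the meanings listed in the pdbedit(8) manual. The function names and the sample entries are constructed for illustration, and folded (continuation) LDIF lines are assumed not to occur.

```python
import base64
from datetime import datetime, timezone

# Account-control letters as listed in the pdbedit(8) manual page.
ACCT_FLAGS = {
    "N": "no password required", "D": "account disabled", "H": "home directory required",
    "T": "temporary duplicate account", "U": "regular user account",
    "M": "MNS logon account", "W": "workstation trust account",
    "S": "server trust account", "L": "automatic locking",
    "X": "password does not expire", "I": "domain trust account",
}
EPOCH_ATTRS = {"sambaPwdLastSet", "sambaPwdMustChange", "sambaLogonTime"}

def parse_entry(ldif):
    """Parse one LDIF entry into {attribute: [values]}; 'attr:: x' is base64."""
    entry = {}
    for line in ldif.strip().splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        entry.setdefault(name, []).append(value)
    return entry

def describe(name, value):
    # Expand flag letters and epoch timestamps; pass other values through.
    if name == "sambaAcctFlags":
        letters = value.strip("[]").replace(" ", "")
        return [ACCT_FLAGS.get(c, "unknown flag " + c) for c in letters]
    if name in EPOCH_ATTRS:
        return datetime.fromtimestamp(int(value), timezone.utc).isoformat()
    return value

def diff_entries(before, after):
    """Order-insensitive attribute diff: {name: (old, new)}, None when absent."""
    changes = {}
    for name in sorted(set(before) | set(after)):
        old, new = before.get(name), after.get(name)
        if old != new:
            changes[name] = (old and [describe(name, v) for v in old],
                             new and [describe(name, v) for v in new])
    return changes

# Constructed sample entries (attribute names from the post, placeholder secrets).
BEFORE = ("dn: uid=example,ou=Users,dc=example,dc=com\nuserPassword: {crypt}x\n"
          "sambaPwdLastSet: 1069686468\nsambaAcctFlags: [NU         ]\n")
AFTER = ("dn: uid=example,ou=Users,dc=example,dc=com\nsambaAcctFlags: [U          ]\n"
         "sambaPwdLastSet: 1090946249\nsambaPwdMustChange: 1094834249\n"
         "userPassword:: " + base64.b64encode(b"{MD5}constructed-placeholder").decode() + "\n")
```

Calling `diff_entries(parse_entry(BEFORE), parse_entry(AFTER))` returns only the attributes whose values differ, regardless of the order in which the directory server listed them.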