Phil,

After migrating the domain data did you change the role of the Samba server to PDC?

In your smb.conf you need to set in [global]:

    domain master = Yes

Then run 'testparm' to validate your settings.

- John T.

On Wednesday 16 March 2005 05:39, Phil Dawson wrote:
> Hello,
>
> Second post: first had logs attached but was too big.
>
> I have a test environment with 1 windows 2000 AD domain pdc ( mixed mode
> install ), 1 linux server ( to become pdc ) and a win xp box to test logon
> when the migration was completed. The problem is no matter what I try
> after the migration the win xp's logonserver = windows server not linux
> server. I have no idea what is going on here. I've listed the process
> for migration just in case I'm doing something wrong.
>
> NB: Initially I had a problem with the migration because machines were not
> being created. The problem was due to useradd conforming to the posix
> standard and wouldn't allow accounts prefixed with $. Got an interim fix
> from RedHat which fixed this problem.
>
> I can log in using
>
> smbclient -L localhost -U% -- anonymous shares available
> smbclient -L //linuxpdc/public -U pdawson -- shares available plus home
> directory
>
> Is there anything obvious I've missed? I've been at this for weeks now
> and have no idea what to check next. ( logs are a blur now ).
>
> for the purpose of log entries ( supplied if requested )
>
> Domain: TESTPDC0
> Windows 2000: TESTPDC ( 192.168.44.80 )
> Linux Server LINUXPDC ( RHES4 ) ( 192.168.44.81 )
> WinXP ( 192.168.44.20 ) ( machine name HP96281120913 )
>
> Added linuxpdc and testpdc to /etc/samba/lmhosts
> Added linuxpdc and testpdc to our DNS
>
> cleaned groups up with
>
> ------ delGrps.sh ------------
>
> net groupmap cleanup
> net groupmap delete ntgroup="Print Operators"
> net groupmap delete ntgroup="Domain Guests"
> net groupmap delete ntgroup="System Operators"
> net groupmap delete ntgroup="DnsAdmins"
> net groupmap delete ntgroup="Replicator"
> net groupmap delete ntgroup="Guests"
> net groupmap delete ntgroup="Power Users"
> net groupmap delete ntgroup="DnsUpdateProxy"
> net groupmap delete ntgroup="Administrators"
> net groupmap delete ntgroup="Account Operators"
> net groupmap delete ntgroup="Backup Operators"
> net groupmap delete ntgroup="Users"
> net groupmap delete ntgroup="Domain Users"
> net groupmap delete ntgroup="Domain Admins"
> net groupmap delete ntgroup="Domain Computers"
> net groupmap delete ntgroup="Cert Publishers"
> net groupmap delete ntgroup="RAS and IAS Servers"
> net groupmap delete ntgroup="Pre-Windows 2000 Compatible Access"
> net groupmap delete ntgroup="Group Policy Creator Owners"
> net groupmap delete ntgroup="Enterprise Admins"
> net groupmap delete ntgroup="Domain Controllers"
> net groupmap delete ntgroup="Schema Admins"
> net groupmap delete ntgroup="Server Operators"
>
> ------ delGrps.sh end ------------
>
> removed secrets.tdb and passwd.tdb
>
> set up smb.conf to be ROLE_DOMAIN_BDC
>
> < testparm showed no errors >
>
> net rpc join -S testpdc -W testpdc0 -UAdministrator%password
>
> < joined the domain ok. checked on the win2000 server and linuxpdc was
> listed as a domain controller >
>
> net rpc getsid -S testpdc -W testpdc0
>
> < sid was put into secrets >
>
> net getlocalsid testpdc0
>
> S-1-5-21-705938202-4238141491-2786779978
>
> < showed correct sid >
>
> net getlocalsid
>
> < no sid available so used: >
>
> net setlocalsid S-1-5-21-705938202-4238141491-2786779978
>
> net getlocalsid
>
> S-1-5-21-705938202-4238141491-2786779978
>
> < used initGrps.sh script to add groups >
>
> ------- initGrps.sh ----------
>
> net groupmap modify ntgroup="Domain Admins" unixgroup=root
> net groupmap modify ntgroup="Domain Users" unixgroup=users
> net groupmap modify ntgroup="Domain Guests" unixgroup=nobody
>
> ------- initGrps.sh end ----------
>
> net rpc vampire -S testpdc -U Administrator%password
>
> < no errors >
>
> < list the groups on win 2000 box >
>
> net group -l -S testpdc -U Administrator%password
>
> < list groups on linuxpdc >
>
> net groupmap list
>
> -----------------------------------------
>
> Server Operators (S-1-5-32-549) -> Server Operators
> Domain Guests (S-1-5-21-705938202-4238141491-2786779978-514) -> nobody
> Enterprise Admins (S-1-5-21-705938202-4238141491-2786779978-519) -> Enterprise Admins
> DnsAdmins (S-1-5-21-705938202-4238141491-2786779978-1101) -> DnsAdmins
> Domain Controllers (S-1-5-21-705938202-4238141491-2786779978-516) -> Domain Controllers
> Administrators (S-1-5-21-705938202-4238141491-2786779978-1007) -> sys
> Schema Admins (S-1-5-21-705938202-4238141491-2786779978-518) -> Schema Admins
> Replicators (S-1-5-21-705938202-4238141491-2786779978-1019) -> kmem
> Replicator (S-1-5-32-552) -> Replicator
> Guests (S-1-5-32-546) -> nobody
> Group Policy Creator Owners (S-1-5-21-705938202-4238141491-2786779978-520) -> Group Policy Creator Owners
> Domain Users (S-1-5-21-705938202-4238141491-2786779978-1201) -> users
> Power Users (S-1-5-32-547) -> ntadmin
> Domain Guests (S-1-5-21-705938202-4238141491-2786779978-1199) -> nobody
> DnsUpdateProxy (S-1-5-21-705938202-4238141491-2786779978-1102) -> DnsUpdateProxy
> Print Operators (S-1-5-32-550) -> lp
> Administrators (S-1-5-32-544) -> Administrators
> Pre-Windows 2000 Compatible Access (S-1-5-32-554) -> Pre-Windows 2000 Compatible Access
> Account Operators (S-1-5-32-548) -> wheel
> Domain Admins (S-1-5-21-705938202-4238141491-2786779978-1001) -> root
> Account Operators (S-1-5-21-705938202-4238141491-2786779978-1021) -> wheel
> Backup Operators (S-1-5-32-551) -> bin
> Users (S-1-5-32-545) -> public
> Backup Operators (S-1-5-21-705938202-4238141491-2786779978-1003) -> bin
> RAS and IAS Servers (S-1-5-21-705938202-4238141491-2786779978-553) -> RAS and IAS Servers
> Print Operators (S-1-5-21-705938202-4238141491-2786779978-1015) -> lp
> Domain Users (S-1-5-21-705938202-4238141491-2786779978-513) -> users
> System Operators (S-1-5-21-705938202-4238141491-2786779978-1005) -> daemon
> Domain Computers (S-1-5-21-705938202-4238141491-2786779978-515) -> Domain Computers
> Domain Admins (S-1-5-21-705938202-4238141491-2786779978-512) -> root
> Cert Publishers (S-1-5-21-705938202-4238141491-2786779978-517) -> Cert Publishers
>
> -------------------------------------------
>
> < everything seems ok >
>
> < checked users and groups. everything migrated ok. >
>
> < added all imported users to the users group. >
>
> < changed linuxpdc to be domain master >
>
> testparm verified this
>
> < switched off win2000 pdc >
>
> < started smb with: >
>
> service smb start
>
> < switched on win xp box >
>
> < used regedit to change signorseal >
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters
> "RequireSignOrSeal"=dword:00000000
>
> < re-booted xp machine >
>
> < seemed to log in ok >
>
> username: pdawson
> password: password
>
> < opened console with cmd >
>
> < run set >
>
> < LOGONSERVER=\\TESTPDC <--- not what I was expecting >
>
> < no drive mapping and logon.bat didn't run >
>
> <<<< had to remove logs ... too big for list. could be supplied on demand
>
> Regards,
>
> Phil

--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
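
The `net groupmap list` output quoted above shows several NT group names twice under different SIDs (for example Domain Admins with RIDs 512 and 1001). As an added example that is not part of the original thread, the script below reads such a listing and reports every group name mapped under more than one SID; the function names are made up for this example and the sample input is an excerpt of the quoted listing with wrapped lines rejoined.

```sh
#!/bin/sh
# Added example: report NT group names that `net groupmap list` shows
# under more than one SID. Function names are made up for this example.

# Excerpt of the listing quoted in the thread, wrapped lines rejoined.
sample_groupmap() {
    cat <<'EOF'
Domain Guests (S-1-5-21-705938202-4238141491-2786779978-514) -> nobody
Administrators (S-1-5-21-705938202-4238141491-2786779978-1007) -> sys
Domain Users (S-1-5-21-705938202-4238141491-2786779978-1201) -> users
Domain Guests (S-1-5-21-705938202-4238141491-2786779978-1199) -> nobody
Administrators (S-1-5-32-544) -> Administrators
Domain Admins (S-1-5-21-705938202-4238141491-2786779978-1001) -> root
Domain Users (S-1-5-21-705938202-4238141491-2786779978-513) -> users
Domain Computers (S-1-5-21-705938202-4238141491-2786779978-515) -> Domain Computers
Domain Admins (S-1-5-21-705938202-4238141491-2786779978-512) -> root
EOF
}

# Reads `net groupmap list` output on stdin. Prints, sorted by name, one line
# per duplicated group: "<name> | <scope>:rid=<RID>-><unix group> ...".
find_dup_groupmaps() {
    awk '
    {
        lp = index($0, " (S-")          # space before the opening parenthesis
        rp = index($0, ") -> ")         # closing parenthesis of the SID
        if (lp == 0 || rp <= lp) next   # skip lines that are not mappings
        name = substr($0, 1, lp - 1)    # group names may contain spaces
        sid  = substr($0, lp + 2, rp - lp - 2)
        ugrp = substr($0, rp + 5)       # unix group the SID is mapped to
        n = split(sid, part, "-")       # last component is the RID
        # S-1-5-32-* is the BUILTIN domain, anything else a domain SID
        scope = (sid ~ /^S-1-5-32-/) ? "builtin" : "domain"
        count[name]++
        detail[name] = detail[name] " " scope ":rid=" part[n] "->" ugrp
    }
    END {
        for (name in count)
            if (count[name] > 1) print name " |" detail[name]
    }' | sort
}

sample_groupmap | find_dup_groupmaps
```

On the Samba server itself the same function can be fed live data with `net groupmap list | find_dup_groupmaps`.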