Andrew Bartlett wrote:
On Sat, 2005-10-08 at 09:29 -0500, Philip Washington wrote:
I was under the impression that once the PDC was transferred then USER2
could log into the MACHINE2 and not have any indication that there was a
difference in the platform the PDC was running on or that there had been
a change.
This very much depends on what the values on the old PDC are and what
you have set in your new smb.conf.
You haven't told us very much about how your domain is setup, what
values you found in the replica LDAP, and in particular what you saw the
client doing in the domain logon.
In particular, is the logon path filled in, in the SamLogon reply?
(observed best with a level 10 debug). Does the client attempt to
contact the roaming profile server? What is your logon path set to in
NT4, and what is the value in LDAP now? Anything else in the logs?
Andrew Bartlett
I'm redoing the samba setup again and will try to get more of this
information. We actually tried this a year ago with 3.0.0 and were able
to get the logons, but the profiles were changing. We are going to try
again and follow the directions in the new version of Samba3 -examples.
What I was trying to avoid was the 2 or 3 days getting it up and tested
and then find out that USER1 on MACHINE1 has a different profile, that
what he had before. We do not use roaming profiles.
Also if anybody knows what is the best was to start the ldap server over
from scratch and make sure it has been completely clean of previous
attempts.
I'm hoping that by tomorrow I'll have the server up and running and
begin testing
We are using smbldap-tools.tar.gz version 9.0.0
samb-3.0.10-1.4e
What if I decide to start this over from scratch. What is the best way
to clear out the LdAP server and start all over? I think that we
are close to having everything correct, but something just isn't quite
right.
The latest incantation doesn't appear to be working ( we haven't back
tested but were testing as we went along and didn't see a lot of problems.
The smb.conf
-----------------------------------------------------------------------
/|[global]|/
/|workgroup = DOMAINA
|/
/|netbios name = MERLIN
|/
/|passdb backend = ldapsam:ldap://localhost|/
/|log level = 1|/
/|syslog = 0|/
/|log file = /var/log/samba/%m|/
/|max log size = 0|/
/|smb ports = 139 445|/
/|name resolve order = wins bcast hosts|/
/|add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u'|/
/|#delete user script = /opt/IDEALX/sbin/smbldap-userdel '%u'|/
/|add group script = /opt/IDEALX/sbin/smbldap-groupadd '%g'|/
/|#delete group script = /opt/IDEALX/sbin/smbldap-groupdel '%g'|/
/|add user to group script = /opt/IDEALX/sbin/ smbldap-groupmod -m '%u'
'%g'|/
/|#delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x
'%u' '%g'|/
/|set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g'
'%u'|/
/|add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%u'|/
/|logon script = scripts\logon.cmd|/
/|logon path = \\%L\profiles\%U|/
/|logon home = \\%L\%U|/
/|logon drive = X:|/
/|domain logons = Yes|/
/|#domain master = Yes
|/
/|wins support = Yes|/
/|#wins server = 192.168.1.20|/
/|ldap admin dn = cn=Manager,dc=domaina,dc=org|/
/|ldap group suffix = ou=Groups|/
/|ldap idmap suffix = ou=Idmap|/
/|ldap machine suffix = ou=People|/
/|ldap passwd sync = Yes|/
/|ldap suffix = dc=domaina,dc=com|/
/|ldap ssl = no|/
/|ldap timeout = 20|/
/|ldap user suffix = ou=People|/
/|idmap backend = ldap:ldap://localhost|/
/|idmap uid = 15000-20000|/
/|idmap gid = 15000-20000|/
/|winbind nested groups = Yes|/
/|ea support = Yes|/
/|map acl inherit = Yes|/
/|[apps]|/
/|comment = Application Data|/
/|path = /data/home/apps|/
/|read only = No|/
/|[homes]|/
/|comment = Home Directories|/
/|path = /home/users/%U/Documents|/
/|valid users = %S|/
/|read only = No|/
/|browseable = No|/
/|[printers]|/
/|comment = SMB Print Spool|/
/|path = /var/spool/samba|/
/|guest ok = Yes|/
/|printable = Yes|/
/|use client driver = No|/
/|browseable = No|/
/|[netlogon]|/
/|comment = Network Logon Service|/
/|path = /var/lib/samba/netlogon|/
/|guest ok = Yes|/
/|locking = No|/
/|[profiles]|/
/|comment = Profile Share|/
/|path = /var/lib/samba/profiles|/
/|read only = No|/
/|profile acls = Yes|/
/|[profdata]|/
/|comment = Profile Data Share|/
/|path = /var/lib/samba/profdata|/
/|read only = No|/
/|profile acls = Yes|/
/|[print$]|/
/|comment = Printer Drivers|/
/|path = /var/lib/samba/drivers|/
testparm after this looks good
After going through the steps in Ch9 to config slapd-tool and then doing
a transfer
we get to the part where we run
net rpc vampire -S DomainAServ -UAdministrator%not24get
pbedit -Lw
and some of the data looks okay but we have some users with
User2:9:XXXXXXXXXXXXXXXXXXXXXXXXXXX.......
User3:10:XXXXXXXXXXXXXXXXXXXXXXXXXX.....
I have also been forwarded 3 emails with the same problem and there
hoping I'll find a solution.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
