Philip Washington wrote:
Craig White wrote:
On Mon, 2005-10-10 at 12:47 -0500, Philip Washington wrote:
Philip Washington wrote:
Craig White wrote:
On Fri, 2005-10-07 at 17:52 -0700, Craig White wrote:
On Fri, 2005-10-07 at 19:22 -0500, Philip Washington wrote:
After migration of an NT4 domain to Samba we find that when
users log in they have a new profile. Since we cannot deal with
this on all of the computers with all of the users we have had
to stop the migration.
I have searched through the archive and not been able to find
any answers to this issue, I did find a relevant article though
and apparently they didn't have an answer in 2002.
http://lists.samba.org/archive/samba/2002-August/050163.html
Has anyone found a way to resolve this?
We are not using roaming profiles.
----
I am hoping that you really aren't looking for wild speculation
as to
what may be the problem. Some things that you should consider
sharing
with us so that we might be able to make a useful suggestion...
samba version ?
SID ? 'net getlocalsid' does this match the SID of the domain
that the
machines that were already joined to the domain? Did you actually
'net
setlocalsid' to match?
from your smb.conf
passdb ?
logon path = ?
security = ?
domain logons = ?
domain master = ?
preferred master = ?
If we took an example of one or two users who had a problem with
their
profiles...what's output of things like
pdbedit -L USER_NAME ?
does the profile path actually work? Is it reachable from a Windows
system?
privileges on profile server permit access?
otherwise, I would just say that you're having a bad day.
----
I should have pointed out...
logon path =
(that's right - blank) prevents roaming profiles
and perhaps, because I am not very smart and was trying to
populate LDAP
with which I was pretty unfamiliar, I had to run through the vampire
process a lot of times before I got everything working the way I
wanted
it. My second time doing the vampire thing to LDAP was considerably
easier. Even though the documentation was excellent, the devil is
in the
details.
Craig
We had spent 3 days on it and got it to work without the roaming
profiles ( Using Ch 8 from Samba-3 by Example and help here). It
sounds like we went through some of the same issues with vampire,
but it looked like we had it working with our test system.
We had a test machine MACHINE1 in NT4 DOMAINA.
We transfered DOMAINA over to a SambaPDC-with LDAP.
Moved MACHINE1 over to the test environment with a SambaPDC-with
LDAP. Logged in TESTUSER1 everything looked fine, no roaming
profile (we did a jig and jumped for joy ).
We then moved MACHINE2 over to the test environment logged in
TESTUSER1 (we had transfered TESTUSER1 from the original NT4
domain). We then logged in USER2 which was the primary user for
this computer when it was in the NT4 domain. That was when we
found out that Outlook treated the user as someone completely
different, as well as other programs on the machine, the desktop
was completely changed to default. After spending another day on it
we had to move on, but we are now willing to try again from scratch.
Did we still have something wrong? Has/does this work with the
latest version?
Goal 1: is USER1 on MACHINE1 can log into the system and not tell
that something has changed (Namely there is a different PDC platform).
Goal 2: The IT department doesn't have to write a bunch of scripts
to move profile information on each computer.
Is this possible, because I was of the impression that once we
finished the client MACHINE1 and user USER1 wouldn't know or act
any differently when logging into NT4 as the PDC vs logging into
the transfered DOMAINA on the Samba-LDAP PDC.
----
in all fairness, I have let this go because you didn't answer any of the
questions that I asked. I'm not sure why anyone else didn't follow up
but perhaps they were thinking along the same lines that I was.
In light of no reply, you might consider starting over, and rephrasing
your questions.
In short, I had absolutely no problems with migrating users from NT PDC
to Samba PDC but I have always used LDAP as backend for the migration
and roaming profiles.
Craig
Okay, I appear to have it working now. The first time it didn't work
because we were using the old version of Samba3-by Examples.
The second time it didn't work because we may, may (stressed) have
done something wrong or it may have been because we were using
samba-3.0.10.
Today we recompiled from Fedora samba-3.0.20b to a RHEL4 system,
because the new version of Samba3-by Examples is based on this book.
We went through everything as shown in Chapter 9. The only difference
was 'logon path = ', so we didn't have roaming profiles (And of course
our domain and computer names were different). So far we have
pulled 3 computers from our original domain and not seen any problems.
Users login and they get there original profile.
The only difference I saw between what was in the directions and what
I actually saw was that when you do the 'getent passwd' and 'getent
group' the delimiters +::0:: were not there.We pressed on to see what
would happen and so far it appears to be working.
Next is the member servers to see how well they do (We have 2 which
are using winbind).
Hope this helps someone else and I appreciate the help I was given here.
Okay I was a bit premature, we are now getting timeout errors on ldap
and when I run
smbclient -L //SAMBAPDC
I get session timeout.
This worked last night and the computers were on an isolated network in
a locked lab. Don't understand what happened overnight.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
