[Samba] User settings after migration
Hi All, We have an NT4 machine which is our PDC. I'm looking to replace this with one of our linux servers. I joined the linux server to the domain ok. Then I vampired all the accounts across which worked ok. I then switched off NT PDC, made samba the master and start samba service. Problem is we are loosing all our settings. After a quick hunt around I noticed a new profiles directory was created on my machine. To elaborate: Say we have a domain called MORGAN and a user called jbarnes: when using the NT4 PDC he had a directory under Documents and Settings called jbarnes. When he logged on to the linux PDC a new folder was created called jbarnes.MORGAN. Users loose all their settings :( Can we make windows use the same profiles directory after migration? Why is windows creating a new profile folder? Thanks in advance. Phil. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] User profiles ...
Hi All, When I log into a samba PDC for the first time I get a new folder on my machine called jbloggs.MYDOMAIN but when logging into an NT 4 PDC I just get a jbloggs folder. Any ideas? Thanks in advance. Phil. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] User settings after migration
Hi All, We have an NT4 machine which is our PDC. I'm looking to replace this with one of our linux servers. I joined the linux server to the domain ok. Then I vampired all the accounts across which worked ok. I then switched off NT PDC, made samba the master and start samba service. Problem is we are loosing all our settings. After a quick hunt around I noticed a new profiles directory was created on my machine. To elaborate: Say we have a domain called MORGAN and a user called jbarnes: when using the NT4 PDC he had a directory under Documents and Settings called jbarnes. When he logged on to the linux PDC a new folder was created called jbarnes.MORGAN. Users loose all their settings :( Can we make windows use the same profiles directory after migration? Why is windows creating a new profile folder? Thanks in advance. Phil. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Adduser failing to accept 'username$'
If you are using Redhat AS/ES then this is probably the same problem we had. RedHat have been making changes to packages to be POSIX compliant. The problem you have is not SAMBA as such but programs it uses. In your case it is useradd. There now exists a fix for RedHat ES/AS v4. We reported this problem to RedHat about three or so months ago and they reacted with impressive speed. If you can't find the fix mail me off list and I'll hunt around on our systems for the RPM. Phil. Casper Helenius [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 15/06/2005 08:45 To Geoff Scott [EMAIL PROTECTED] cc samba@lists.samba.org Subject Re: [Samba] Adduser failing to accept 'username$' Geoff Scott wrote: Casper Helenius wrote: Hi group, For some odd reason - most likely my current level of n00bness - my useradd refuses to accept the $ in the machine name, when adding a Windows machine to my Samba 3 installation. I'm running Red Hat linux with a newly compiled version of Samba 3.0.14a. What passdb backend are you using? Ldapsam tdbsam etc? Have you read through the Samba Guide in the documantation aprt of the web site? Regards Geoff Scott I'm currently using tdbsam - and I hve my trusty Official Samba-3 guide by the hand. I've now tried to add the machine to my linux box without the $ in the end of the name - and then adding the $ to my /etc/passwd file as well as adding my machine and my windows user to my Samba pass db, and it gets me a little further. (I think ..) While trying to add my windows xp machine to the domain, I now get an access denied instead of user not found error. Looking through the logs have given me no clue whatsoever. Any ideas to share, out there? :o) Best regards, Casper Helenius, Denmark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] HELP !!! migrating from win2000 pdc to linux pdc
Hello, I have a test environment with 1 windows 2000 AD domain pdc ( mixed mode install ), 1 linux server ( to become pdc ) and a win xp box to test logon when the migration was completed. The problem is no matter what I try after the migration the win xp's logonserver = windows server not linux server. I have no idea what is going on here. I've listed the process for migration just incase I'm doing something wrong. NB: Initially I had a problem with the migration because machines were not being created. The problem was due to useradd conforming to the posix standard and wouldn't allow accounts prefixed with $. Got an interim fix from RedHat which fixed this problem. Is there anything obvious I've missed? I've been at this for weeks now and have no idea what to check next. ( logs are a blur now ). Domain: TESTPDC0 Windows 2000: TESTPDC ( 192.168.44.80 ) Linux ServerLINUXPDC ( RHES4 )( 192.168.44.81 ) WinXP ( 192.168.44.20 ) ( machine name HP96281120913 ) Added linuxpdc and testpdc to /etc/samba/lmhosts Added linuxpdc and testpdc to our DNS cleaned groups up with -- delGrps.sh net groupmap cleanup net groupmap delete ntgroup=Print Operators net groupmap delete ntgroup=Domain Guests net groupmap delete ntgroup=System Operators net groupmap delete ntgroup=DnsAdmins net groupmap delete ntgroup=Replicator net groupmap delete ntgroup=Guests net groupmap delete ntgroup=Power Users net groupmap delete ntgroup=DnsUpdateProxy net groupmap delete ntgroup=Administrators net groupmap delete ntgroup=Account Operators net groupmap delete ntgroup=Backup Operators net groupmap delete ntgroup=Users net groupmap delete ntgroup=Domain Users net groupmap delete ntgroup=Domain Admins net groupmap delete ntgroup=Domain Computers net groupmap delete ntgroup=Cert Publishers net groupmap delete ntgroup=RAS and IAS Servers net groupmap delete ntgroup=Pre-Windows 2000 Compatible Access net groupmap delete ntgroup=Group Policy Creator Owners net groupmap delete ntgroup=Enterprise Admins net groupmap delete ntgroup=Domain Controllers net groupmap delete ntgroup=Schema Admins net groupmap delete ntgroup=Server Operators -- delGrps.sh end removed secrets.tdb and passwd.tdb set up smb.conf to be ROLE_DOMAIN_BDC testparm showed no errors net rpc join -S testpdc -W testpdc0 -UAdministrator%password joined the domain ok. checked on the win2000 server and linuxpdc was listed as a domain controller net rpc getsid -S testpdc -W testpdc0 sid was put into secrets net getlocalsid testpdc0 showed correct sid net getlocalsid no sid available so used: net setlocalsid sid from above net getlocalsid correct sid showing used initGrps.sh script to add groups --- initGrps.sh -- net groupmap modify ntgroup=Domain Admins unixgroup=root net groupmap modify ntgroup=Domain Users unixgroup=users net groupmap modify ntgroup=Domain Guests unixgroup=nobody --- initGrps.sh end -- net rpc vampire -S testpdc -U Administrator%password no errors list the groups on win 2000 box net group -l -S testpdc -U Administrator%password list groups on linuxpdc net groupmap list everything seems ok checked users and groups. everything migrated ok. added all imported users to the users group. changed linuxpdc to be domain master testparm verified this switched off win2000 pdc started smb with: service smb start switched on win xp box used regedit to change signorseal HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters RequireSignOrSeal=dword: re-booted xp machine seemed to log in ok username: pdawson password: password opened console with cmd run set LOGONSERVER=\\TESTPDC --- not what I was expecting no drive mapping and logon.bat didn't run Regards, Phil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Machine trusts after migration
I've migrated from windows pdc to samba and came across a strange problem. When doing the migration everything went ok. I vampired the accounts and created the group mappings etc. The machine and user accounts came across ok. The xp box I've been testing with was authenticating and could access the shares but was not seeing the samba box as the pdc. Everything seemed to be set up ok. What I had to do was enter system properties/computer name then select network id and re-create a machine account on the samba server. After that the xp box would log onto the domain. The funny thing is nothing seems to have changed on the samba server. User and machine accounts are still there and haven't changed. Secrets is the same. Group mappings are the same. Obviously, something would have changed on the xp workstation but I was under the impression the xp box should have used the new pdc as this pdc was the only one available to it for this domain. Currently using samba 3.0.10-1.4E. Can anyone shed some light on why this would happen? TIA, Phil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net getlocalsid problem ???
Hi List, I'm currently migrating from win2000 to linux ( samba 3.0.10-1.4E ). Domain = TESTDOMAIN Windows Box Name = TESTPDC Linux Box = LINUXPDC I have joined the windows pdc from the linux box. Next I use: net getsid -S TESTPDC -W TESTDOMAIN which puts my SID in secrets.tdb. All is fine here. Next I use net getlocalsid which gives me an error so I use net getlocalsid TESTDOMAIN which gives me the correct SID. I then use net setlocalsid SID INSERTED HERE which sets the SID as expected. I then use net getlocalsid which gives me: SID for domain LINUXPDC is: S- . etc Does anyone know why this is showing LINUXPDC as my domain and not TESTDOMAIN ??? In my smb.conf I have workgroup = TESTDOMAIN netbios name = LINUXPDC Any help would be appreciated, Phil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to get default yp domain
Hi List, I'm having a few problems after I migrated from win2000 to samba PDC. I am unable to log on to the PDC. Here is an excerpt from the client log: [2005/03/24 10:13:52.251751, 5, pid=8911, effective(0, 0), real(0, 0)] lib/username.c:user_in_netgroup_list(315) Unable to get default yp domain [2005/03/24 10:13:52.252446, 5, pid=8911, effective(0, 0), real(0, 0)] lib/username.c:user_in_netgroup_list(315) Unable to get default yp domain [2005/03/24 10:13:52.253003, 2, pid=8911, effective(0, 0), real(0, 0)] smbd/uid.c:change_to_user(202) change_to_user: SMB user (unix user Guest, vuid 100) not permitted access to share IPC$. [2005/03/24 10:13:52.253241, 0, pid=8911, effective(0, 0), real(0, 0)] smbd/service.c:make_connection_snum(570) Can't become connected user! [2005/03/24 10:13:52.254443, 3, pid=8911, effective(0, 0), real(0, 0)] smbd/error.c:error_packet(129) error packet at smbd/reply.c(416) cmd=117 (SMBtconX) NT_STATUS_LOGON_FAILURE If someone would kindly explain the errors it would help immensely. Phil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net groupmap problem
Hi list, I'm having problems removing entries using net groupmap. When I use net groupmap ntgroup=Domain Guests I see a message saying it has been successfully removed Domain Guests from the mapping db. The problem is I have multiple Domain Guests with the same sid. Can someone please tell me how to remove duplicates?. I've also tried net groupmap delete sid=S-1-5-21-705938202-4238141491-2786779978 but I get a message saying Failed to removing group S-1-5-21-705938202-4238141491-2786779978 from the mapping db!. Also tried net groupmap cleanup but that doesn't work either. If there is no way of removing the entries using commands can I just delete the database? TIA Phil System Operators (S-1-5-32-549) - -1 Domain Guests (S-1-5-21-705938202-4238141491-2786779978-514) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Power Users (S-1-5-32-547) - -1 Domain Guests (S-1-5-21-705938202-4238141491-2786779978-1199) - nobody Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - -1 Account Operators (S-1-5-32-548) - -1 Account Operators (S-1-5-21-705938202-4238141491-2786779978-1021) - wheel Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 Backup Operators (S-1-5-21-705938202-4238141491-2786779978-1003) - bin Print Operators (S-1-5-21-705938202-4238141491-2786779978-1015) - lp Domain Users (S-1-5-21-705938202-4238141491-2786779978-513) - -1 System Operators (S-1-5-21-705938202-4238141491-2786779978-1005) - daemon Domain Admins (S-1-5-21-705938202-4238141491-2786779978-512) - -1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net groupmap problem SOLVED!
I was doing something silly. I was useing S-1-5-21-705938202-4238141491-2786779978 instead of S-1-5-21-705938202-4238141491-2786779978-1199. Phil. Phil Dawson [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 18/03/2005 08:31 To samba@lists.samba.org cc Subject [Samba] net groupmap problem Hi list, I'm having problems removing entries using net groupmap. When I use net groupmap ntgroup=Domain Guests I see a message saying it has been successfully removed Domain Guests from the mapping db. The problem is I have multiple Domain Guests with the same sid. Can someone please tell me how to remove duplicates?. I've also tried net groupmap delete sid=S-1-5-21-705938202-4238141491-2786779978 but I get a message saying Failed to removing group S-1-5-21-705938202-4238141491-2786779978 from the mapping db!. Also tried net groupmap cleanup but that doesn't work either. If there is no way of removing the entries using commands can I just delete the database? TIA Phil System Operators (S-1-5-32-549) - -1 Domain Guests (S-1-5-21-705938202-4238141491-2786779978-514) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Power Users (S-1-5-32-547) - -1 Domain Guests (S-1-5-21-705938202-4238141491-2786779978-1199) - nobody Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - -1 Account Operators (S-1-5-32-548) - -1 Account Operators (S-1-5-21-705938202-4238141491-2786779978-1021) - wheel Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 Backup Operators (S-1-5-21-705938202-4238141491-2786779978-1003) - bin Print Operators (S-1-5-21-705938202-4238141491-2786779978-1015) - lp Domain Users (S-1-5-21-705938202-4238141491-2786779978-513) - -1 System Operators (S-1-5-21-705938202-4238141491-2786779978-1005) - daemon Domain Admins (S-1-5-21-705938202-4238141491-2786779978-512) - -1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] HELP !!! migrating from win2000 pdc to linux pdc
John, In my original port I said quote: changed linuxpdc to be domain master I wrote to mean changed linuxpdc to be ROLE_DOMAIN_PDC. Sorry if I didn't make myself clear. I did test with testparm before trying to log on. Everything looked ok. Again, it didn't work. What I have tried since is to take the winxp box out of the domain and re-join it to the domain when linuxpdc is the PDC. Now when I log on and run the set command is see LOGONSERVER=//LINUXPDC which is what I was expecting originally. Still having problems getting logon.bat to run when logging on. Will have a look at this today. I'm also going through the logs and settings/password files etc to see if I can spot any differences. Upto now: xp box can log onto the domain when LINUXPDC is the PDC for the domain. ( after re-joining ) all shares are available linuxpdc is visible in the network i think its safe to say DNS entries are ok. winxp hack worked because we have proved we can log onto the linuxpdc. Another question is, if I take machines out of the domain then re-add them as I have done above and as long as the domain has the same SID when I re-join machines to the domain will they use the same local profile ( my documents / desktop ) etc ... Any other ideas ??? Phil. John H Terpstra [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 16/03/2005 14:54 Please respond to [EMAIL PROTECTED] To samba@lists.samba.org cc Subject Re: [Samba] HELP !!! migrating from win2000 pdc to linux pdc Phil, After migrating the domain data did you change the role of the Samba server to PDC? In your smb.conf you need to set in [global]: domain master = Yes The run 'testparm' to validate your settings. - John T. On Wednesday 16 March 2005 05:39, Phil Dawson wrote: Hello, Second post: first had logs attached but was too big. I have a test environment with 1 windows 2000 AD domain pdc ( mixed mode install ), 1 linux server ( to become pdc ) and a win xp box to test logon when the migration was completed. The problem is no matter what I try after the migration the win xp's logonserver = windows server not linux server. I have no idea what is going on here. I've listed the process for migration just incase I'm doing something wrong. NB: Initially I had a problem with the migration because machines were not being created. The problem was due to useradd conforming to the posix standard and wouldn't allow accounts prefixed with $. Got an interim fix from RedHat which fixed this problem. i can log in using smbclient -L localhost -U% -- anonymous shares available smbclient -L //linuxpdc/public -U pdawson -- shares available plus home directory Is there anything obvious I've missed? I've been at this for weeks now and have no idea what to check next. ( logs are a blur now ). for the purpose of log entries ( supplied if requested ) Domain: TESTPDC0 Windows 2000: TESTPDC ( 192.168.44.80 ) Linux ServerLINUXPDC ( RHES4 )( 192.168.44.81 ) WinXP ( 192.168.44.20 ) ( machine name HP96281120913 ) Added linuxpdc and testpdc to /etc/samba/lmhosts Added linuxpdc and testpdc to our DNS cleaned groups up with -- delGrps.sh net groupmap cleanup net groupmap delete ntgroup=Print Operators net groupmap delete ntgroup=Domain Guests net groupmap delete ntgroup=System Operators net groupmap delete ntgroup=DnsAdmins net groupmap delete ntgroup=Replicator net groupmap delete ntgroup=Guests net groupmap delete ntgroup=Power Users net groupmap delete ntgroup=DnsUpdateProxy net groupmap delete ntgroup=Administrators net groupmap delete ntgroup=Account Operators net groupmap delete ntgroup=Backup Operators net groupmap delete ntgroup=Users net groupmap delete ntgroup=Domain Users net groupmap delete ntgroup=Domain Admins net groupmap delete ntgroup=Domain Computers net groupmap delete ntgroup=Cert Publishers net groupmap delete ntgroup=RAS and IAS Servers net groupmap delete ntgroup=Pre-Windows 2000 Compatible Access net groupmap delete ntgroup=Group Policy Creator Owners net groupmap delete ntgroup=Enterprise Admins net groupmap delete ntgroup=Domain Controllers net groupmap delete ntgroup=Schema Admins net groupmap delete ntgroup=Server Operators -- delGrps.sh end removed secrets.tdb and passwd.tdb set up smb.conf to be ROLE_DOMAIN_BDC testparm showed no errors net rpc join -S testpdc -W testpdc0 -UAdministrator%password joined the domain ok. checked on the win2000 server and linuxpdc was listed as a domain controller net rpc getsid -S testpdc -W testpdc0 sid was put into secrets net getlocalsid testpdc0 S-1-5-21-705938202-4238141491-2786779978 showed correct sid net getlocalsid no sid available so used: net setlocalsid S-1-5-21-705938202-4238141491-2786779978 net getlocalsid S-1-5-21-705938202
Re: [Samba] HELP !!! migrating from win2000 pdc to linux pdc
Hi, I did remove the windows PDC from the network by way of switching it off. Something occurred to me, if the windows xp box has LOGONSERVER=//TESTPDC then is it possible to fix this problem by changing the netbios name of LINUXPDC to TESTPDC. That way win xp boxes would point to the new server and not know any difference. Obviously I'd have to change the DNS etc to make sure. Process is: Join Samba machine to PDC as Domain Controller Migrate from old PDC to Samba PDC Check everything was ok Take old PDC off network Make Samba box to PDC ( Domain Master = Yes ) Change netbios name of Samba PDC from LINUXPDC to TESTPDC Change DNS, lmhosts, hosts ( we make sure by changing all :-) ) Bring up Samba PDC Check can log on from win xp box Question is, would this break any trusts? Anyone done this before? TIA Phil Denis Vlasenko [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 17/03/2005 10:27 To Phil Dawson [EMAIL PROTECTED], [EMAIL PROTECTED] cc samba@lists.samba.org Subject Re: [Samba] HELP !!! migrating from win2000 pdc to linux pdc On Thursday 17 March 2005 10:32, Phil Dawson wrote: John, In my original port I said quote: changed linuxpdc to be domain master I wrote to mean changed linuxpdc to be ROLE_DOMAIN_PDC. Sorry if I didn't make myself clear. I did test with testparm before trying to log on. Everything looked ok. Again, it didn't work. What I have tried since is to take the winxp box out of the domain and re-join it to the domain when linuxpdc is the PDC. Now when I log on and run the set command is see LOGONSERVER=//LINUXPDC which is what I was expecting originally. Still having problems getting logon.bat to run when logging on. Will have a look at this today. I'm also going through the logs and settings/password files etc to see if I can spot any differences. Did you remove former Windows PDC box from the network? (By powering it off or unplugging network cable) -- vda -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] vampire question
Hi Kurt, Don't know if this is any help. We currently have a similar problem on RHAS 3 4. RedHat bug report: https://www.redhat.com/archives/fedora-test-list/2004-November/msg01576.html Phil Kurt A. Brust [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 11/03/2005 18:34 To [EMAIL PROTECTED] cc Subject [Samba] vampire question . when running net rpc vampire -S ntserver -U Administrator%stacy182 --- everything seems to run fine however I do get could not create posix account info for 'machine name$' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
