[Samba] HELP !!! migrating from win2000 pdc to linux pdc

2005-05-15 Thread Phil Dawson
Hello,

I have a test environment with 1 windows 2000 AD domain pdc ( mixed mode 
install ), 1 linux server ( to become pdc ) and a win xp box to test logon 
when the migration was completed.  The problem is no matter what I try 
after the migration the win xp's logonserver = windows server not linux 
server.  I have no idea what is going on here.  I've listed the process 
for migration just in case I'm doing something wrong.

NB: Initially I had a problem with the migration because machines were not 
being created.  The problem was due to useradd conforming to the posix 
standard and wouldn't allow accounts prefixed with $.  Got an interim fix 
from RedHat which fixed this problem.

Is there anything obvious I've missed?  I've been at this for weeks now 
and have no idea what to check next. ( logs are a blur now ).


Domain:         TESTPDC0
Windows 2000:   TESTPDC ( 192.168.44.80 )
Linux Server:   LINUXPDC ( RHES4 ) ( 192.168.44.81 )
WinXP:          ( 192.168.44.20 ) ( machine name HP96281120913 )


Added linuxpdc and testpdc to /etc/samba/lmhosts
Added linuxpdc and testpdc to our DNS


cleaned groups up with 

-- delGrps.sh 

net groupmap cleanup
net groupmap delete ntgroup="Print Operators"
net groupmap delete ntgroup="Domain Guests"
net groupmap delete ntgroup="System Operators"
net groupmap delete ntgroup="DnsAdmins"
net groupmap delete ntgroup="Replicator"
net groupmap delete ntgroup="Guests"
net groupmap delete ntgroup="Power Users"
net groupmap delete ntgroup="DnsUpdateProxy"
net groupmap delete ntgroup="Administrators"
net groupmap delete ntgroup="Account Operators"
net groupmap delete ntgroup="Backup Operators"
net groupmap delete ntgroup="Users"
net groupmap delete ntgroup="Domain Users"
net groupmap delete ntgroup="Domain Admins"
net groupmap delete ntgroup="Domain Computers"
net groupmap delete ntgroup="Cert Publishers"
net groupmap delete ntgroup="RAS and IAS Servers"
net groupmap delete ntgroup="Pre-Windows 2000 Compatible Access"
net groupmap delete ntgroup="Group Policy Creator Owners"
net groupmap delete ntgroup="Enterprise Admins"
net groupmap delete ntgroup="Domain Controllers"
net groupmap delete ntgroup="Schema Admins"
net groupmap delete ntgroup="Server Operators"

-- delGrps.sh end 


removed secrets.tdb and passwd.tdb

set up smb.conf to be ROLE_DOMAIN_BDC

 testparm showed no errors 

net rpc join -S testpdc -W testpdc0 -UAdministrator%password

 joined the domain ok.  checked on the win2000 server and linuxpdc was 
listed as a domain controller 

net rpc getsid -S testpdc -W testpdc0

 sid was put into secrets 

net getlocalsid testpdc0

 showed correct sid 

net getlocalsid

 no sid available so used: 

net setlocalsid <sid from above>

net getlocalsid

 correct sid showing 

 used initGrps.sh script to add groups 

--- initGrps.sh --

net groupmap modify ntgroup="Domain Admins" unixgroup=root
net groupmap modify ntgroup="Domain Users" unixgroup=users
net groupmap modify ntgroup="Domain Guests" unixgroup=nobody

--- initGrps.sh end --


net rpc vampire -S testpdc -U Administrator%password

 no errors

 list the groups on win 2000 box 

net group -l -S testpdc -U Administrator%password

 list groups on linuxpdc 

net groupmap list

 everything seems ok 

 checked users and groups.  everything migrated ok. 

 added all imported users to the users group. 

 changed linuxpdc to be domain master 

testparm verified this

 switched off win2000 pdc 

 started smb with: 

service smb start

 switched on win xp box 

 used regedit to change signorseal 

 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters
RequireSignOrSeal=dword:

 re-booted xp machine 

 seemed to log in ok 

username: pdawson
password: password

 opened console with cmd 

 run set 

 LOGONSERVER=\\TESTPDC --- not what I was expecting 

 no drive mapping and logon.bat didn't run 

Regards,

Phil

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] HELP !!! migrating from win2000 pdc to linux pdc

2005-03-17 Thread Phil Dawson
John,

In my original post I said

quote: changed linuxpdc to be domain master

I wrote to mean changed linuxpdc to be ROLE_DOMAIN_PDC.  Sorry if I 
didn't make myself clear.  I did test with testparm before trying to log 
on.  Everything looked ok.  Again, it didn't work.  What I have tried 
since is to take the winxp box out of the domain and re-join it to the 
domain when linuxpdc is the PDC.  Now when I log on and run the set 
command I see LOGONSERVER=//LINUXPDC which is what I was expecting 
originally.  Still having problems getting logon.bat to run when logging 
on.  Will have a look at this today.  I'm also going through the logs and 
settings/password files etc to see if I can spot any differences.

Up to now:

xp box can log onto the domain when LINUXPDC is the PDC for the domain. ( 
after re-joining )
all shares are available
linuxpdc is visible in the network

I think it's safe to say DNS entries are ok.  winxp hack worked because we 
have proved we can log onto the linuxpdc.

Another question is, if I take machines out of the domain then re-add them 
as I have done above and as long as the domain has the same SID when I 
re-join machines to the domain will they use the same local profile ( my 
documents / desktop ) etc ...

Any other ideas ???



Phil.

Re: [Samba] HELP !!! migrating from win2000 pdc to linux pdc

2005-03-17 Thread Denis Vlasenko
On Thursday 17 March 2005 10:32, Phil Dawson wrote:
> John,
>
> In my original post I said
>
> quote: changed linuxpdc to be domain master
>
> I wrote to mean changed linuxpdc to be ROLE_DOMAIN_PDC.  Sorry if I
> didn't make myself clear.  I did test with testparm before trying to log
> on.  Everything looked ok.  Again, it didn't work.  What I have tried
> since is to take the winxp box out of the domain and re-join it to the
> domain when linuxpdc is the PDC.  Now when I log on and run the set
> command I see LOGONSERVER=//LINUXPDC which is what I was expecting
> originally.  Still having problems getting logon.bat to run when logging
> on.  Will have a look at this today.  I'm also going through the logs and
> settings/password files etc to see if I can spot any differences.

Did you remove former Windows PDC box from the network?
(By powering it off or unplugging network cable)
--
vda



Re: [Samba] HELP !!! migrating from win2000 pdc to linux pdc

2005-03-17 Thread Phil Dawson
Hi,

I did remove the windows PDC from the network by way of switching it off. 
Something occurred to me, if the windows xp box has LOGONSERVER=//TESTPDC 
then is it possible to fix this problem by changing the netbios name of 
LINUXPDC to TESTPDC.  That way win xp boxes would point to the new server 
and not know any difference.  Obviously I'd have to change the DNS etc to 
make sure.


Process is:

Join Samba machine to PDC as Domain Controller
Migrate from old PDC to Samba PDC
Check everything was ok
Take old PDC off network
Make Samba box to PDC ( Domain Master = Yes )
Change netbios name of Samba PDC from LINUXPDC to TESTPDC
Change DNS, lmhosts, hosts  ( we make sure by changing all :-)   )
Bring up Samba PDC
Check can log on from win xp box


Question is, would this break any trusts?
Anyone done this before?


TIA

Phil


Re: [Samba] HELP !!! migrating from win2000 pdc to linux pdc

2005-03-16 Thread John H Terpstra
Phil,

After migrating the domain data did you change the role of the Samba server to 
PDC?

In your smb.conf you need to set in [global]:

domain master = Yes

Then run 'testparm' to validate your settings.

- John T.

On Wednesday 16 March 2005 05:39, Phil Dawson wrote:
> Hello,
>
> Second post: first had logs attached but was too big.
>
> I have a test environment with 1 windows 2000 AD domain pdc ( mixed mode
> install ), 1 linux server ( to become pdc ) and a win xp box to test logon
> when the migration was completed.  The problem is no matter what I try
> after the migration the win xp's logonserver = windows server not linux
> server.  I have no idea what is going on here.  I've listed the process
> for migration just in case I'm doing something wrong.
>
> NB: Initially I had a problem with the migration because machines were not
> being created.  The problem was due to useradd conforming to the posix
> standard and wouldn't allow accounts prefixed with $.  Got an interim fix
> from RedHat which fixed this problem.
>
> i can log in using
>
> smbclient -L localhost -U% -- anonymous shares available
> smbclient -L //linuxpdc/public -U pdawson -- shares available plus home
> directory
>
> Is there anything obvious I've missed?  I've been at this for weeks now
> and have no idea what to check next. ( logs are a blur now ).
>
> for the purpose of log entries ( supplied if requested )
>
> Domain:         TESTPDC0
> Windows 2000:   TESTPDC ( 192.168.44.80 )
> Linux Server:   LINUXPDC ( RHES4 ) ( 192.168.44.81 )
> WinXP:          ( 192.168.44.20 ) ( machine name HP96281120913 )
>
> Added linuxpdc and testpdc to /etc/samba/lmhosts
> Added linuxpdc and testpdc to our DNS
>
> cleaned groups up with
>
> -- delGrps.sh
>
> net groupmap cleanup
> net groupmap delete ntgroup="Print Operators"
> net groupmap delete ntgroup="Domain Guests"
> net groupmap delete ntgroup="System Operators"
> net groupmap delete ntgroup="DnsAdmins"
> net groupmap delete ntgroup="Replicator"
> net groupmap delete ntgroup="Guests"
> net groupmap delete ntgroup="Power Users"
> net groupmap delete ntgroup="DnsUpdateProxy"
> net groupmap delete ntgroup="Administrators"
> net groupmap delete ntgroup="Account Operators"
> net groupmap delete ntgroup="Backup Operators"
> net groupmap delete ntgroup="Users"
> net groupmap delete ntgroup="Domain Users"
> net groupmap delete ntgroup="Domain Admins"
> net groupmap delete ntgroup="Domain Computers"
> net groupmap delete ntgroup="Cert Publishers"
> net groupmap delete ntgroup="RAS and IAS Servers"
> net groupmap delete ntgroup="Pre-Windows 2000 Compatible Access"
> net groupmap delete ntgroup="Group Policy Creator Owners"
> net groupmap delete ntgroup="Enterprise Admins"
> net groupmap delete ntgroup="Domain Controllers"
> net groupmap delete ntgroup="Schema Admins"
> net groupmap delete ntgroup="Server Operators"
>
> -- delGrps.sh end
>
> removed secrets.tdb and passwd.tdb
>
> set up smb.conf to be ROLE_DOMAIN_BDC
>
>  testparm showed no errors
>
> net rpc join -S testpdc -W testpdc0 -UAdministrator%password
>
>  joined the domain ok.  checked on the win2000 server and linuxpdc was
> listed as a domain controller
>
> net rpc getsid -S testpdc -W testpdc0
>
>  sid was put into secrets
>
> net getlocalsid testpdc0
>
> S-1-5-21-705938202-4238141491-2786779978
>
>  showed correct sid
>
> net getlocalsid
>
>  no sid available so used:
>
> net setlocalsid S-1-5-21-705938202-4238141491-2786779978
>
> net getlocalsid
>
> S-1-5-21-705938202-4238141491-2786779978
>
>  used initGrps.sh script to add groups
>
> --- initGrps.sh --
>
> net groupmap modify ntgroup="Domain Admins" unixgroup=root
> net groupmap modify ntgroup="Domain Users" unixgroup=users
> net groupmap modify ntgroup="Domain Guests" unixgroup=nobody
>
> --- initGrps.sh end --
>
> net rpc vampire -S testpdc -U Administrator%password
>
>  no errors
>
>  list the groups on win 2000 box
>
> net group -l -S testpdc -U Administrator%password
>
>  list groups on linuxpdc
>
> net groupmap list
>
> -
>
> Server Operators (S-1-5-32-549) -> Server Operators
> Domain Guests (S-1-5-21-705938202-4238141491-2786779978-514) -> nobody
> Enterprise Admins (S-1-5-21-705938202-4238141491-2786779978-519) -> Enterprise Admins
> DnsAdmins (S-1-5-21-705938202-4238141491-2786779978-1101) -> DnsAdmins
> Domain Controllers (S-1-5-21-705938202-4238141491-2786779978-516) -> Domain Controllers
> Administrators (S-1-5-21-705938202-4238141491-2786779978-1007) -> sys
> Schema Admins (S-1-5-21-705938202-4238141491-2786779978-518) -> Schema Admins
> Replicators (S-1-5-21-705938202-4238141491-2786779978-1019) -> kmem
> Replicator (S-1-5-32-552) -> Replicator
> Guests (S-1-5-32-546) -> nobody
> Group Policy Creator Owners (S-1-5-21-705938202-4238141491-2786779978-520) -> Group Policy Creator Owners
> Domain Users (S-1-5-21-705938202-4238141491-2786779978-1201) -> users
> Power Users (S-1-5-32-547) -> ntadmin
> Domain Guests (S-1-5-21-705938202-4238141491-2786779978-1199) -> nobody
> DnsUpdateProxy
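
Added example (not part of the thread and not Samba's own code): a check that can be run over `net groupmap list` output like the listing quoted above. Windows uses the well-known RIDs 512, 513 and 514 for Domain Admins, Domain Users and Domain Guests, so the script reports those names when they sit at another RID, names that appear twice, and NT groups mapped onto sensitive Unix groups. The function names, the finding labels and the list of sensitive Unix groups are assumptions of this example; the sample lines are taken from the listing in the thread.

```shell
#!/bin/sh
# Added example: review `net groupmap list` output after a vampire migration.
# The policy below (expected RIDs, sensitive Unix groups) is an assumption
# of this example, not a Samba default.

# Listing lines taken from the thread, with the "->" separator net prints.
sample_groupmap() {
    cat <<'EOF'
Domain Guests (S-1-5-21-705938202-4238141491-2786779978-514) -> nobody
Administrators (S-1-5-21-705938202-4238141491-2786779978-1007) -> sys
Replicators (S-1-5-21-705938202-4238141491-2786779978-1019) -> kmem
Domain Users (S-1-5-21-705938202-4238141491-2786779978-1201) -> users
Power Users (S-1-5-32-547) -> ntadmin
Domain Guests (S-1-5-21-705938202-4238141491-2786779978-1199) -> nobody
EOF
}

# Reads groupmap lines on stdin and prints one finding per line.
audit_groupmap() {
    awk '
    BEGIN {
        # Well-known domain RIDs that Windows clients rely on.
        want["Domain Admins"] = 512
        want["Domain Users"]  = 513
        want["Domain Guests"] = 514
        # Unix groups with elevated system access (example list).
        n = split("root sys kmem wheel disk adm", g, " ")
        for (i = 1; i <= n; i++) priv[g[i]] = 1
    }
    { sub(/^[ \t]+/, "") }
    # A mapping line looks like: NT name (SID) -> unixgroup
    match($0, /\(S-[0-9-]+\)/) {
        name = substr($0, 1, RSTART - 2)
        sid  = substr($0, RSTART + 1, RLENGTH - 2)
        ugrp = $0
        sub(/^.*\) ->? */, "", ugrp)
        k = split(sid, part, "-")
        rid = part[k] + 0
        if ((name in want) && sid ~ /^S-1-5-21-/ && rid != want[name])
            printf "RID_MISMATCH %s has RID %d, expected %d\n", name, rid, want[name]
        if (ugrp in priv)
            printf "PRIV_UNIX_GROUP %s -> %s\n", name, ugrp
        if (seen[name]++)
            printf "DUPLICATE_NAME %s\n", name
    }'
}

# On a live server: net groupmap list | audit_groupmap
sample_groupmap | audit_groupmap
```

Built-in groups under S-1-5-32 are skipped by the RID check because their RIDs are fixed by Windows and are not domain-relative.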