Re: [Samba] Profiles change when migrating from NT4 to Samba PDC
On Fri, 2005-10-14 at 15:11 -0500, Philip Washington wrote: > Philip Washington wrote: > > Hope this helps someone else and I appreciate the help I was given here. > > Okay I was a bit premature, we are now getting timeout errors on ldap > and when I run > smbclient -L //SAMBAPDC > I get session timeout. > > This worked last night and the computers were on an isolated network in > a locked lab. Don't understand what happened overnight. sounds like a WINS problem (name resolution) Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Profiles change when migrating from NT4 to Samba PDC
Philip Washington wrote: Craig White wrote: On Mon, 2005-10-10 at 12:47 -0500, Philip Washington wrote: Philip Washington wrote: Craig White wrote: On Fri, 2005-10-07 at 17:52 -0700, Craig White wrote: On Fri, 2005-10-07 at 19:22 -0500, Philip Washington wrote: After migration of an NT4 domain to Samba we find that when users log in they have a new profile. Since we cannot deal with this on all of the computers with all of the users we have had to stop the migration. I have searched through the archive and not been able to find any answers to this issue, I did find a relevant article though and apparently they didn't have an answer in 2002. http://lists.samba.org/archive/samba/2002-August/050163.html Has anyone found a way to resolve this? We are not using roaming profiles. I am hoping that you really aren't looking for wild speculation as to what may be the problem. Some things that you should consider sharing with us so that we might be able to make a useful suggestion... samba version ? SID ? 'net getlocalsid' does this match the SID of the domain that the machines that were already joined to the domain? Did you actually 'net setlocalsid' to match? from your smb.conf passdb ? logon path = ? security = ? domain logons = ? domain master = ? preferred master = ? If we took an example of one or two users who had a problem with their profiles...what's output of things like pdbedit -L USER_NAME ? does the profile path actually work? Is it reachable from a Windows system? privileges on profile server permit access? otherwise, I would just say that you're having a bad day. I should have pointed out... logon path = (that's right - blank) prevents roaming profiles and perhaps, because I am not very smart and was trying to populate LDAP with which I was pretty unfamiliar, I had to run through the vampire process a lot of times before I got everything working the way I wanted it. My second time doing the vampire thing to LDAP was considerably easier. Even though the documentation was excellent, the devil is in the details. Craig We had spent 3 days on it and got it to work without the roaming profiles ( Using Ch 8 from Samba-3 by Example and help here). It sounds like we went through some of the same issues with vampire, but it looked like we had it working with our test system. We had a test machine MACHINE1 in NT4 DOMAINA. We transfered DOMAINA over to a SambaPDC-with LDAP. Moved MACHINE1 over to the test environment with a SambaPDC-with LDAP. Logged in TESTUSER1 everything looked fine, no roaming profile (we did a jig and jumped for joy ). We then moved MACHINE2 over to the test environment logged in TESTUSER1 (we had transfered TESTUSER1 from the original NT4 domain). We then logged in USER2 which was the primary user for this computer when it was in the NT4 domain. That was when we found out that Outlook treated the user as someone completely different, as well as other programs on the machine, the desktop was completely changed to default. After spending another day on it we had to move on, but we are now willing to try again from scratch. Did we still have something wrong? Has/does this work with the latest version? Goal 1: is USER1 on MACHINE1 can log into the system and not tell that something has changed (Namely there is a different PDC platform). Goal 2: The IT department doesn't have to write a bunch of scripts to move profile information on each computer. Is this possible, because I was of the impression that once we finished the client MACHINE1 and user USER1 wouldn't know or act any differently when logging into NT4 as the PDC vs logging into the transfered DOMAINA on the Samba-LDAP PDC. in all fairness, I have let this go because you didn't answer any of the questions that I asked. I'm not sure why anyone else didn't follow up but perhaps they were thinking along the same lines that I was. In light of no reply, you might consider starting over, and rephrasing your questions. In short, I had absolutely no problems with migrating users from NT PDC to Samba PDC but I have always used LDAP as backend for the migration and roaming profiles. Craig Okay, I appear to have it working now. The first time it didn't work because we were using the old version of Samba3-by Examples. The second time it didn't work because we may, may (stressed) have done something wrong or it may have been because we were using samba-3.0.10. Today we recompiled from Fedora samba-3.0.20b to a RHEL4 system, because the new version of Samba3-by Examples is based on this book. We went through everything as shown in Chapter 9. The only difference was 'logon path = ', so we didn't have roaming profiles (And of course our domain and computer names were different). So far we have pulled 3 computers from our original domain and not seen any
Re: [Samba] Profiles change when migrating from NT4 to Samba PDC
Craig White wrote: On Mon, 2005-10-10 at 12:47 -0500, Philip Washington wrote: Philip Washington wrote: Craig White wrote: On Fri, 2005-10-07 at 17:52 -0700, Craig White wrote: On Fri, 2005-10-07 at 19:22 -0500, Philip Washington wrote: After migration of an NT4 domain to Samba we find that when users log in they have a new profile. Since we cannot deal with this on all of the computers with all of the users we have had to stop the migration. I have searched through the archive and not been able to find any answers to this issue, I did find a relevant article though and apparently they didn't have an answer in 2002. http://lists.samba.org/archive/samba/2002-August/050163.html Has anyone found a way to resolve this? We are not using roaming profiles. I am hoping that you really aren't looking for wild speculation as to what may be the problem. Some things that you should consider sharing with us so that we might be able to make a useful suggestion... samba version ? SID ? 'net getlocalsid' does this match the SID of the domain that the machines that were already joined to the domain? Did you actually 'net setlocalsid' to match? from your smb.conf passdb ? logon path = ? security = ? domain logons = ? domain master = ? preferred master = ? If we took an example of one or two users who had a problem with their profiles...what's output of things like pdbedit -L USER_NAME ? does the profile path actually work? Is it reachable from a Windows system? privileges on profile server permit access? otherwise, I would just say that you're having a bad day. I should have pointed out... logon path = (that's right - blank) prevents roaming profiles and perhaps, because I am not very smart and was trying to populate LDAP with which I was pretty unfamiliar, I had to run through the vampire process a lot of times before I got everything working the way I wanted it. My second time doing the vampire thing to LDAP was considerably easier. Even though the documentation was excellent, the devil is in the details. Craig We had spent 3 days on it and got it to work without the roaming profiles ( Using Ch 8 from Samba-3 by Example and help here). It sounds like we went through some of the same issues with vampire, but it looked like we had it working with our test system. We had a test machine MACHINE1 in NT4 DOMAINA. We transfered DOMAINA over to a SambaPDC-with LDAP. Moved MACHINE1 over to the test environment with a SambaPDC-with LDAP. Logged in TESTUSER1 everything looked fine, no roaming profile (we did a jig and jumped for joy ). We then moved MACHINE2 over to the test environment logged in TESTUSER1 (we had transfered TESTUSER1 from the original NT4 domain). We then logged in USER2 which was the primary user for this computer when it was in the NT4 domain. That was when we found out that Outlook treated the user as someone completely different, as well as other programs on the machine, the desktop was completely changed to default. After spending another day on it we had to move on, but we are now willing to try again from scratch. Did we still have something wrong? Has/does this work with the latest version? Goal 1: is USER1 on MACHINE1 can log into the system and not tell that something has changed (Namely there is a different PDC platform). Goal 2: The IT department doesn't have to write a bunch of scripts to move profile information on each computer. Is this possible, because I was of the impression that once we finished the client MACHINE1 and user USER1 wouldn't know or act any differently when logging into NT4 as the PDC vs logging into the transfered DOMAINA on the Samba-LDAP PDC. in all fairness, I have let this go because you didn't answer any of the questions that I asked. I'm not sure why anyone else didn't follow up but perhaps they were thinking along the same lines that I was. In light of no reply, you might consider starting over, and rephrasing your questions. In short, I had absolutely no problems with migrating users from NT PDC to Samba PDC but I have always used LDAP as backend for the migration and roaming profiles. Craig Okay, I appear to have it working now. The first time it didn't work because we were using the old version of Samba3-by Examples. The second time it didn't work because we may, may (stressed) have done something wrong or it may have been because we were using samba-3.0.10. Today we recompiled from Fedora samba-3.0.20b to a RHEL4 system, because the new version of Samba3-by Examples is based on this book. We went through everything as shown in Chapter 9. The only difference was 'logon path = ', so we didn't have roaming profiles (And of course our domain and computer names were different). So far we have pulled 3 computers from our original domain and not seen any problems. Users login and they g
Re: [Samba] Profiles change when migrating from NT4 to Samba PDC
Andrew Bartlett wrote: On Sat, 2005-10-08 at 09:29 -0500, Philip Washington wrote: I was under the impression that once the PDC was transferred then USER2 could log into the MACHINE2 and not have any indication that there was a difference in the platform the PDC was running on or that there had been a change. This very much depends on what the values on the old PDC are and what you have set in your new smb.conf. You haven't told us very much about how your domain is setup, what values you found in the replica LDAP, and in particular what you saw the client doing in the domain logon. In particular, is the logon path filled in, in the SamLogon reply? (observed best with a level 10 debug). Does the client attempt to contact the roaming profile server? What is your logon path set to in NT4, and what is the value in LDAP now? Anything else in the logs? Andrew Bartlett I'm redoing the samba setup again and will try to get more of this information. We actually tried this a year ago with 3.0.0 and were able to get the logons, but the profiles were changing. We are going to try again and follow the directions in the new version of Samba3 -examples. What I was trying to avoid was the 2 or 3 days getting it up and tested and then find out that USER1 on MACHINE1 has a different profile, that what he had before. We do not use roaming profiles. Also if anybody knows what is the best was to start the ldap server over from scratch and make sure it has been completely clean of previous attempts. I'm hoping that by tomorrow I'll have the server up and running and begin testing We are using smbldap-tools.tar.gz version 9.0.0 samb-3.0.10-1.4e What if I decide to start this over from scratch. What is the best way to clear out the LdAP server and start all over? I think that we are close to having everything correct, but something just isn't quite right. The latest incantation doesn't appear to be working ( we haven't back tested but were testing as we went along and didn't see a lot of problems. The smb.conf --- /|[global]|/ /|workgroup = DOMAINA |/ /|netbios name = MERLIN |/ /|passdb backend = ldapsam:ldap://localhost|/ /|log level = 1|/ /|syslog = 0|/ /|log file = /var/log/samba/%m|/ /|max log size = 0|/ /|smb ports = 139 445|/ /|name resolve order = wins bcast hosts|/ /|add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u'|/ /|#delete user script = /opt/IDEALX/sbin/smbldap-userdel '%u'|/ /|add group script = /opt/IDEALX/sbin/smbldap-groupadd '%g'|/ /|#delete group script = /opt/IDEALX/sbin/smbldap-groupdel '%g'|/ /|add user to group script = /opt/IDEALX/sbin/ smbldap-groupmod -m '%u' '%g'|/ /|#delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x '%u' '%g'|/ /|set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u'|/ /|add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%u'|/ /|logon script = scripts\logon.cmd|/ /|logon path = \\%L\profiles\%U|/ /|logon home = \\%L\%U|/ /|logon drive = X:|/ /|domain logons = Yes|/ /|#domain master = Yes |/ /|wins support = Yes|/ /|#wins server = 192.168.1.20|/ /|ldap admin dn = cn=Manager,dc=domaina,dc=org|/ /|ldap group suffix = ou=Groups|/ /|ldap idmap suffix = ou=Idmap|/ /|ldap machine suffix = ou=People|/ /|ldap passwd sync = Yes|/ /|ldap suffix = dc=domaina,dc=com|/ /|ldap ssl = no|/ /|ldap timeout = 20|/ /|ldap user suffix = ou=People|/ /|idmap backend = ldap:ldap://localhost|/ /|idmap uid = 15000-2|/ /|idmap gid = 15000-2|/ /|winbind nested groups = Yes|/ /|ea support = Yes|/ /|map acl inherit = Yes|/ /|[apps]|/ /|comment = Application Data|/ /|path = /data/home/apps|/ /|read only = No|/ /|[homes]|/ /|comment = Home Directories|/ /|path = /home/users/%U/Documents|/ /|valid users = %S|/ /|read only = No|/ /|browseable = No|/ /|[printers]|/ /|comment = SMB Print Spool|/ /|path = /var/spool/samba|/ /|guest ok = Yes|/ /|printable = Yes|/ /|use client driver = No|/ /|browseable = No|/ /|[netlogon]|/ /|comment = Network Logon Service|/ /|path = /var/lib/samba/netlogon|/ /|guest ok = Yes|/ /|locking = No|/ /|[profiles]|/ /|comment = Profile Share|/ /|path = /var/lib/samba/profiles|/ /|read only = No|/ /|profile acls = Yes|/ /|[profdata]|/ /|comment = Profile Data Share|/ /|path = /var/lib/samba/profdata|/ /|read only = No|/ /|profile acls = Yes|/ /|[print$]|/ /|comment = Printer Drivers|/ /|path = /var/lib/samba/drivers|/ testparm after this looks good After going through the steps in Ch9 to config slapd-tool and then doing a transfer we get to the part where we run net rpc vampire -S DomainAServ -UAdministrator%not24get pbedit -Lw and some of the data looks okay but we have some users with User2:9:XXX... User3:10:XX. I have also been forwarded 3 emails with the same problem and there hoping I'll find a solution. -- To unsubscribe from
Re: [Samba] Profiles change when migrating from NT4 to Samba PDC
On Mon, 2005-10-10 at 12:47 -0500, Philip Washington wrote: > Philip Washington wrote: > > > Craig White wrote: > > > >> On Fri, 2005-10-07 at 17:52 -0700, Craig White wrote: > >> > >> > >>> On Fri, 2005-10-07 at 19:22 -0500, Philip Washington wrote: > >>> > >>> > After migration of an NT4 domain to Samba we find that when users > log in they have a new profile. Since we cannot deal with this on > all of the computers with all of the users we have had to stop the > migration. > I have searched through the archive and not been able to find any > answers to this issue, I did find a relevant article though and > apparently they didn't have an answer in 2002. > http://lists.samba.org/archive/samba/2002-August/050163.html > Has anyone found a way to resolve this? > We are not using roaming profiles. > > >>> > >>> > >>> I am hoping that you really aren't looking for wild speculation as to > >>> what may be the problem. Some things that you should consider sharing > >>> with us so that we might be able to make a useful suggestion... > >>> > >>> samba version ? > >>> > >>> SID ? 'net getlocalsid' does this match the SID of the domain that the > >>> machines that were already joined to the domain? Did you actually 'net > >>> setlocalsid' to match? > >>> > >>> from your smb.conf > >>> passdb ? > >>> logon path = ? > >>> security = ? > >>> domain logons = ? > >>> domain master = ? > >>> preferred master = ? > >>> > >>> If we took an example of one or two users who had a problem with their > >>> profiles...what's output of things like > >>> > >>> pdbedit -L USER_NAME ? > >>> > >>> does the profile path actually work? Is it reachable from a Windows > >>> system? > >>> privileges on profile server permit access? > >>> > >>> otherwise, I would just say that you're having a bad day. > >>> > >>> > >> > >> > >> I should have pointed out... > >> > >> logon path = > >> > >> (that's right - blank) prevents roaming profiles > >> > >> and perhaps, because I am not very smart and was trying to populate LDAP > >> with which I was pretty unfamiliar, I had to run through the vampire > >> process a lot of times before I got everything working the way I wanted > >> it. My second time doing the vampire thing to LDAP was considerably > >> easier. Even though the documentation was excellent, the devil is in the > >> details. > >> > >> Craig > >> > >> > >> > >> > > We had spent 3 days on it and got it to work without the roaming > > profiles ( Using Ch 8 from Samba-3 by Example and help here). It > > sounds like we went through some of the same issues with vampire, but > > it looked like we had it working with our test system. > > We had a test machine MACHINE1 in NT4 DOMAINA. > > We transfered DOMAINA over to a SambaPDC-with LDAP. > > Moved MACHINE1 over to the test environment with a SambaPDC-with > > LDAP. Logged in TESTUSER1 everything looked fine, no roaming profile > > (we did a jig and jumped for joy ). > > We then moved MACHINE2 over to the test environment logged in > > TESTUSER1 (we had transfered TESTUSER1 from the original NT4 domain). > > We then logged in USER2 which was the primary user for this computer > > when it was in the NT4 domain. That was when we found out that > > Outlook treated the user as someone completely different, as well as > > other programs on the machine, the desktop was completely changed to > > default. After spending another day on it we had to move on, but we > > are now willing to try again from scratch. > > > > Did we still have something wrong? Has/does this work with the > > latest version? > > > > Goal 1: is USER1 on MACHINE1 can log into the system and not tell that > > something has changed (Namely there is a different PDC platform). > > Goal 2: The IT department doesn't have to write a bunch of scripts to > > move profile information on each computer. > > > > Is this possible, because I was of the impression that once we > > finished the client MACHINE1 and user USER1 wouldn't know or act any > > differently when logging into NT4 as the PDC vs logging into the > > transfered DOMAINA on the Samba-LDAP PDC. > > in all fairness, I have let this go because you didn't answer any of the questions that I asked. I'm not sure why anyone else didn't follow up but perhaps they were thinking along the same lines that I was. In light of no reply, you might consider starting over, and rephrasing your questions. In short, I had absolutely no problems with migrating users from NT PDC to Samba PDC but I have always used LDAP as backend for the migration and roaming profiles. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Profiles change when migrating from NT4 to Samba PDC
Philip Washington wrote: Craig White wrote: On Fri, 2005-10-07 at 17:52 -0700, Craig White wrote: On Fri, 2005-10-07 at 19:22 -0500, Philip Washington wrote: After migration of an NT4 domain to Samba we find that when users log in they have a new profile. Since we cannot deal with this on all of the computers with all of the users we have had to stop the migration. I have searched through the archive and not been able to find any answers to this issue, I did find a relevant article though and apparently they didn't have an answer in 2002. http://lists.samba.org/archive/samba/2002-August/050163.html Has anyone found a way to resolve this? We are not using roaming profiles. I am hoping that you really aren't looking for wild speculation as to what may be the problem. Some things that you should consider sharing with us so that we might be able to make a useful suggestion... samba version ? SID ? 'net getlocalsid' does this match the SID of the domain that the machines that were already joined to the domain? Did you actually 'net setlocalsid' to match? from your smb.conf passdb ? logon path = ? security = ? domain logons = ? domain master = ? preferred master = ? If we took an example of one or two users who had a problem with their profiles...what's output of things like pdbedit -L USER_NAME ? does the profile path actually work? Is it reachable from a Windows system? privileges on profile server permit access? otherwise, I would just say that you're having a bad day. I should have pointed out... logon path = (that's right - blank) prevents roaming profiles and perhaps, because I am not very smart and was trying to populate LDAP with which I was pretty unfamiliar, I had to run through the vampire process a lot of times before I got everything working the way I wanted it. My second time doing the vampire thing to LDAP was considerably easier. Even though the documentation was excellent, the devil is in the details. Craig We had spent 3 days on it and got it to work without the roaming profiles ( Using Ch 8 from Samba-3 by Example and help here). It sounds like we went through some of the same issues with vampire, but it looked like we had it working with our test system. We had a test machine MACHINE1 in NT4 DOMAINA. We transfered DOMAINA over to a SambaPDC-with LDAP. Moved MACHINE1 over to the test environment with a SambaPDC-with LDAP. Logged in TESTUSER1 everything looked fine, no roaming profile (we did a jig and jumped for joy ). We then moved MACHINE2 over to the test environment logged in TESTUSER1 (we had transfered TESTUSER1 from the original NT4 domain). We then logged in USER2 which was the primary user for this computer when it was in the NT4 domain. That was when we found out that Outlook treated the user as someone completely different, as well as other programs on the machine, the desktop was completely changed to default. After spending another day on it we had to move on, but we are now willing to try again from scratch. Did we still have something wrong? Has/does this work with the latest version? Goal 1: is USER1 on MACHINE1 can log into the system and not tell that something has changed (Namely there is a different PDC platform). Goal 2: The IT department doesn't have to write a bunch of scripts to move profile information on each computer. Is this possible, because I was of the impression that once we finished the client MACHINE1 and user USER1 wouldn't know or act any differently when logging into NT4 as the PDC vs logging into the transfered DOMAINA on the Samba-LDAP PDC. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Profiles change when migrating from NT4 to Samba PDC
On Sat, 2005-10-08 at 09:29 -0500, Philip Washington wrote: > I was under the impression that once the PDC was transferred then USER2 > could log into the MACHINE2 and not have any indication that there was a > difference in the platform the PDC was running on or that there had been > a change. This very much depends on what the values on the old PDC are and what you have set in your new smb.conf. You haven't told us very much about how your domain is setup, what values you found in the replica LDAP, and in particular what you saw the client doing in the domain logon. In particular, is the logon path filled in, in the SamLogon reply? (observed best with a level 10 debug). Does the client attempt to contact the roaming profile server? What is your logon path set to in NT4, and what is the value in LDAP now? Anything else in the logs? Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc.http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Profiles change when migrating from NT4 to Samba PDC
Craig White wrote: On Fri, 2005-10-07 at 17:52 -0700, Craig White wrote: On Fri, 2005-10-07 at 19:22 -0500, Philip Washington wrote: After migration of an NT4 domain to Samba we find that when users log in they have a new profile. Since we cannot deal with this on all of the computers with all of the users we have had to stop the migration. I have searched through the archive and not been able to find any answers to this issue, I did find a relevant article though and apparently they didn't have an answer in 2002. http://lists.samba.org/archive/samba/2002-August/050163.html Has anyone found a way to resolve this? We are not using roaming profiles. I am hoping that you really aren't looking for wild speculation as to what may be the problem. Some things that you should consider sharing with us so that we might be able to make a useful suggestion... samba version ? SID ? 'net getlocalsid' does this match the SID of the domain that the machines that were already joined to the domain? Did you actually 'net setlocalsid' to match? from your smb.conf passdb ? logon path = ? security = ? domain logons = ? domain master = ? preferred master = ? If we took an example of one or two users who had a problem with their profiles...what's output of things like pdbedit -L USER_NAME ? does the profile path actually work? Is it reachable from a Windows system? privileges on profile server permit access? otherwise, I would just say that you're having a bad day. I should have pointed out... logon path = (that's right - blank) prevents roaming profiles and perhaps, because I am not very smart and was trying to populate LDAP with which I was pretty unfamiliar, I had to run through the vampire process a lot of times before I got everything working the way I wanted it. My second time doing the vampire thing to LDAP was considerably easier. Even though the documentation was excellent, the devil is in the details. Craig Sorry if this is a double post, but I believe that I replied directly to Craig instead of to the group. We transfered the DOMAINA from NT4 to SambaPDC-LDAP logged TESTUSER1 onto TESTMACHINE1 and were able to authenticate without getting roaming profiles. The user and Machine had been transfered from the NT4 PDC We then tried another machine MACHINE2 and were able to log in using TESTUSER1. We then tried logging in USER2 onto MACHINE2 and were able to get authenticated, but the desktop changed the, Outlook treated this as a new user and USER2 was not able to open files with his specific user permisions. We worked on trying to resolve this for a day, but we had already gone through about 3 days with vampire issues and roaming profile problems. Did we miss something and incorrectly do something when using vampire. We were trying to follow the directions, I believe it was Ch8 in Samba3 by example. We are contemplating whether to try this again, but if we can't resolve this we may have to throw in the towel. We have to many users and machines with diverse application setups to try and work around this manually. I was under the impression that once the PDC was transferred then USER2 could log into the MACHINE2 and not have any indication that there was a difference in the platform the PDC was running on or that there had been a change. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Profiles change when migrating from NT4 to Samba PDC
On Fri, 2005-10-07 at 17:52 -0700, Craig White wrote: > On Fri, 2005-10-07 at 19:22 -0500, Philip Washington wrote: > > After migration of an NT4 domain to Samba we find that when users log in > > they have a new profile. Since we cannot deal with this on all of the > > computers with all of the users we have had to stop the migration. > > I have searched through the archive and not been able to find any > > answers to this issue, I did find a relevant article though and > > apparently they didn't have an answer in 2002. > > http://lists.samba.org/archive/samba/2002-August/050163.html > > Has anyone found a way to resolve this? > > We are not using roaming profiles. > > I am hoping that you really aren't looking for wild speculation as to > what may be the problem. Some things that you should consider sharing > with us so that we might be able to make a useful suggestion... > > samba version ? > > SID ? 'net getlocalsid' does this match the SID of the domain that the > machines that were already joined to the domain? Did you actually 'net > setlocalsid' to match? > > from your smb.conf > passdb ? > logon path = ? > security = ? > domain logons = ? > domain master = ? > preferred master = ? > > If we took an example of one or two users who had a problem with their > profiles...what's output of things like > > pdbedit -L USER_NAME ? > > does the profile path actually work? Is it reachable from a Windows > system? > > privileges on profile server permit access? > > otherwise, I would just say that you're having a bad day. > I should have pointed out... logon path = (that's right - blank) prevents roaming profiles and perhaps, because I am not very smart and was trying to populate LDAP with which I was pretty unfamiliar, I had to run through the vampire process a lot of times before I got everything working the way I wanted it. My second time doing the vampire thing to LDAP was considerably easier. Even though the documentation was excellent, the devil is in the details. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Profiles change when migrating from NT4 to Samba PDC
On Fri, 2005-10-07 at 19:22 -0500, Philip Washington wrote: > After migration of an NT4 domain to Samba we find that when users log in > they have a new profile. Since we cannot deal with this on all of the > computers with all of the users we have had to stop the migration. > I have searched through the archive and not been able to find any > answers to this issue, I did find a relevant article though and > apparently they didn't have an answer in 2002. > http://lists.samba.org/archive/samba/2002-August/050163.html > Has anyone found a way to resolve this? > We are not using roaming profiles. I am hoping that you really aren't looking for wild speculation as to what may be the problem. Some things that you should consider sharing with us so that we might be able to make a useful suggestion... samba version ? SID ? 'net getlocalsid' does this match the SID of the domain that the machines that were already joined to the domain? Did you actually 'net setlocalsid' to match? from your smb.conf passdb ? logon path = ? security = ? domain logons = ? domain master = ? preferred master = ? If we took an example of one or two users who had a problem with their profiles...what's output of things like pdbedit -L USER_NAME ? does the profile path actually work? Is it reachable from a Windows system? privileges on profile server permit access? otherwise, I would just say that you're having a bad day. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Profiles change when migrating from NT4 to Samba PDC
After migration of an NT4 domain to Samba we find that when users log in they have a new profile. Since we cannot deal with this on all of the computers with all of the users we have had to stop the migration. I have searched through the archive and not been able to find any answers to this issue, I did find a relevant article though and apparently they didn't have an answer in 2002. http://lists.samba.org/archive/samba/2002-August/050163.html Has anyone found a way to resolve this? We are not using roaming profiles. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba