Re: [Samba] net rpc vampire - cannot login to migrated computer accounts
Christoph Peus wrote: after "net rpc vampire" migration: uidNumber: 22693 sambaSID: S-1-5-21-1139895982-289624505-398547282-4370 after the maschine rejoined the domain: uidNumber: 22694 sambaSID: S-1-5-21-1139895982-289624505-398547282-46388 Hi Christoph, nice to read you :) What shows testparm -sv 2>/dev/null | grep 'algorithmic rid' ? Think it will look like 'algorithmic rid base = 1000' because 22694 * 2 + 1000 = 46388 You have to find the point in the migration process, where the new sambaSID is calculated. Your migrated sambaSID is not correct. Example from my machine (no ldap): # testparm -sv 2>/dev/null | grep 'algorithmic rid' algorithmic rid base = 1000 vmeis # id xp\$ uid=2005(xp$) gid=777(machines) Gruppen=777(machines) vmeis # pdbedit -Lv xp$ | grep 'User SID' User SID: S-1-5-21-2616608439-745089445-1077948534-5010 2005 * 2 + 1000 = 5010 der tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net rpc vampire - cannot login to migrated computer accounts
On Sat, 2005-11-12 at 15:32 +0100, Christoph Peus wrote: > Hello experts, > > I've migrated our NT4 domain to sambe 3.0.20b/ldap backend with "net rpc > vampire", and nearly everything works as expected. But one big problem > remains: it's not possible to login to the domains member maschines now, > because "the domain is not available at the moment" (translated from > german). After the maschine rejoined the samba domain, login works. (But > this is not an option for our ~500 maschines...) > > I have looked at the computer account of one maschine after the migration > and after I rejoined the domain manually. There's a difference: > > after "net rpc vampire" migration: > > dn: uid=BIT59$,ou=computers,dc=uni-wh,dc=de > objectClass: top > objectClass: inetOrgPerson > objectClass: posixAccount > objectClass: sambaSamAccount > cn: BIT59$ > sn: BIT59$ > uid: BIT59$ > uidNumber: 22693 > gidNumber: 515 > homeDirectory: /dev/null > loginShell: /bin/false > description: Computer > gecos: Computer > structuralObjectClass: inetOrgPerson > entryUUID: 4de87562-e740-1029-802b-d5f8fbe677cd > creatorsName: cn=smbldap-tools,ou=DSA,dc=uni-wh,dc=de > createTimestamp: 2005204849Z > sambaSID: S-1-5-21-1139895982-289624505-398547282-4370 > sambaPrimaryGroupSID: S-1-5-21-1139895982-289624505-398547282-515 > displayName: BIT59$ > sambaLogonTime: 1131741671 > sambaNTPassword: 6D4D1F74BA851B7DB9DBCBA966C00AEF > sambaPwdLastSet: 1131727258 > sambaAcctFlags: [W ] > entryCSN: 2005204858Z#01#00#00 > modifiersName: cn=samba,ou=DSA,dc=uni-wh,dc=de > modifyTimestamp: 2005204858Z > > Something wrong here? > > > after the maschine rejoined the domain: > > dn: uid=bit59$,ou=computers,dc=uni-wh,dc=de > objectClass: top > objectClass: inetOrgPerson > objectClass: posixAccount > objectClass: sambaSamAccount > cn: bit59$ > sn: bit59$ > uid: bit59$ > uidNumber: 22694 > gidNumber: 515 > homeDirectory: /dev/null > loginShell: /bin/false > description: Computer > gecos: Computer > structuralObjectClass: inetOrgPerson > entryUUID: f490cd82-e7b4-1029-8a6d-c4cb6795876f > creatorsName: cn=smbldap-tools,ou=DSA,dc=uni-wh,dc=de > createTimestamp: 20051112104350Z > sambaSID: S-1-5-21-1139895982-289624505-398547282-46388 > sambaPrimaryGroupSID: S-1-5-21-1139895982-289624505-398547282-515 > displayName: BIT59$ > sambaPwdCanChange: 1131878635 > sambaPwdMustChange: 1142160235 > sambaNTPassword: 22E8E02D746C544A1DB0D183715C2D86 > sambaPwdLastSet: 1131792235 > sambaAcctFlags: [W ] > entryCSN: 20051112104358Z#01#00#00 > modifiersName: cn=samba,ou=DSA,dc=uni-wh,dc=de > modifyTimestamp: 20051112104358Z > > Obviously the "sambaPwdCanChange" and "sambaPwdMustChange" attributes are > missing in the computer account after migration. Could this cause the > problem or do I search at the wrong place? > > Thanks in advance for your support! it's easy enough to fix with the pdbedit command, set those values and then try to log in. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net rpc vampire - cannot login to migrated computer accounts
Hello experts, I've migrated our NT4 domain to sambe 3.0.20b/ldap backend with "net rpc vampire", and nearly everything works as expected. But one big problem remains: it's not possible to login to the domains member maschines now, because "the domain is not available at the moment" (translated from german). After the maschine rejoined the samba domain, login works. (But this is not an option for our ~500 maschines...) I have looked at the computer account of one maschine after the migration and after I rejoined the domain manually. There's a difference: after "net rpc vampire" migration: dn: uid=BIT59$,ou=computers,dc=uni-wh,dc=de objectClass: top objectClass: inetOrgPerson objectClass: posixAccount objectClass: sambaSamAccount cn: BIT59$ sn: BIT59$ uid: BIT59$ uidNumber: 22693 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer structuralObjectClass: inetOrgPerson entryUUID: 4de87562-e740-1029-802b-d5f8fbe677cd creatorsName: cn=smbldap-tools,ou=DSA,dc=uni-wh,dc=de createTimestamp: 2005204849Z sambaSID: S-1-5-21-1139895982-289624505-398547282-4370 sambaPrimaryGroupSID: S-1-5-21-1139895982-289624505-398547282-515 displayName: BIT59$ sambaLogonTime: 1131741671 sambaNTPassword: 6D4D1F74BA851B7DB9DBCBA966C00AEF sambaPwdLastSet: 1131727258 sambaAcctFlags: [W ] entryCSN: 2005204858Z#01#00#00 modifiersName: cn=samba,ou=DSA,dc=uni-wh,dc=de modifyTimestamp: 2005204858Z Something wrong here? after the maschine rejoined the domain: dn: uid=bit59$,ou=computers,dc=uni-wh,dc=de objectClass: top objectClass: inetOrgPerson objectClass: posixAccount objectClass: sambaSamAccount cn: bit59$ sn: bit59$ uid: bit59$ uidNumber: 22694 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer structuralObjectClass: inetOrgPerson entryUUID: f490cd82-e7b4-1029-8a6d-c4cb6795876f creatorsName: cn=smbldap-tools,ou=DSA,dc=uni-wh,dc=de createTimestamp: 20051112104350Z sambaSID: S-1-5-21-1139895982-289624505-398547282-46388 sambaPrimaryGroupSID: S-1-5-21-1139895982-289624505-398547282-515 displayName: BIT59$ sambaPwdCanChange: 1131878635 sambaPwdMustChange: 1142160235 sambaNTPassword: 22E8E02D746C544A1DB0D183715C2D86 sambaPwdLastSet: 1131792235 sambaAcctFlags: [W ] entryCSN: 20051112104358Z#01#00#00 modifiersName: cn=samba,ou=DSA,dc=uni-wh,dc=de modifyTimestamp: 20051112104358Z Obviously the "sambaPwdCanChange" and "sambaPwdMustChange" attributes are missing in the computer account after migration. Could this cause the problem or do I search at the wrong place? Thanks in advance for your support! Christoph -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba