Re: [Samba] HELP !!! migrating from win2000 pdc to linux pdc

2005-03-17 Thread Phil Dawson
Hi,

I did remove the windows PDC from the network by way of switching it off. 
Something occurred to me, if the windows xp box has LOGONSERVER=//TESTPDC 
then is it possible to fix this problem by changing the netbios name of 
LINUXPDC to TESTPDC.  That way win xp boxes would point to the new server 
and not know any difference.  Obviously I'd have to change the DNS etc to 
make sure.


Process is:

Join Samba machine to PDC as Domain Controller
Migrate from old PDC to Samba PDC
Check everything was ok
Take old PDC off network
Make Samba box to PDC ( Domain Master = Yes )
Change netbios name of Samba PDC from LINUXPDC to TESTPDC
Change DNS, lmhosts, hosts  ( we make sure by changing all :-)   )
Bring up Samba PDC
Check can log on from win xp box


Question is, would this break any trusts?
Anyone done this before?


TIA

Phil





Denis Vlasenko <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
17/03/2005 10:27

To: Phil Dawson <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
cc: samba@lists.samba.org
Subject: Re: [Samba] HELP !!! migrating from win2000 pdc to linux pdc

On Thursday 17 March 2005 10:32, Phil Dawson wrote:
> John,
> 
> In my original post I said
> 
> quote: "changed linuxpdc to be domain master"
> 
> I wrote to mean "changed linuxpdc to be ROLE_DOMAIN_PDC".  Sorry if I 
> didn't make myself clear.  I did test with testparm before trying to log 
> on.  Everything looked ok.  Again, it didn't work.  What I have tried 
> since is to take the winxp box out of the domain and re-join it to the 
> domain when linuxpdc is the PDC.  Now when I log on and run the set 
> command I see LOGONSERVER=//LINUXPDC which is what I was expecting 
> originally.  Still having problems getting logon.bat to run when logging 
> on.  Will have a look at this today.  I'm also going through the logs and 
> settings/password files etc to see if I can spot any differences.

Did you remove former Windows PDC box from the network?
(By powering it off or unplugging network cable)
--
vda

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
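
The role switch discussed in this thread (ROLE_DOMAIN_BDC for the vampire step, then "domain master = Yes" for the PDC) can be checked before cut-over. The script below is an added example, not code from the posters or from Samba; it assumes "security = user" and Samba 3 defaults, and the function names and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive the Samba 3 server role from [global], as testparm
# reports it. Only "security = user" is handled (assumed for this thread).

# global_param FILE NAME: print NAME's value from [global], lower-cased.
# Samba ignores case and spaces in parameter names, so both are normalised.
global_param() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); gsub(/[ \t]/, "", want) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { sect = tolower($0); sub(/^[ \t]*\[/, "", sect)
                      sub(/\].*$/, "", sect); next }
        sect == "global" && (eq = index($0, "=")) {
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = tolower(substr($0, eq + 1))
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == want) found = val      # a later setting overrides
        }
        END { if (found != "") print found }
    ' "$1"
}

# server_role FILE: print ROLE_DOMAIN_PDC, ROLE_DOMAIN_BDC or ROLE_STANDALONE.
server_role() {
    security=$(global_param "$1" "security")
    logons=$(global_param "$1" "domain logons")
    master=$(global_param "$1" "domain master")
    if [ "${security:-user}" != "user" ]; then
        echo "UNHANDLED_SECURITY_MODE"; return 0
    fi
    case "${logons:-no}" in
        yes|true|1) ;;
        *) echo "ROLE_STANDALONE"; return 0 ;;
    esac
    case "${master:-auto}" in           # unset means auto, which counts as yes
        no|false|0) echo "ROLE_DOMAIN_BDC" ;;
        *)          echo "ROLE_DOMAIN_PDC" ;;
    esac
}

# Constructed sample: a BDC-style [global], then the same with the fix applied.
conf=$(mktemp)
printf '[global]\n workgroup = TESTPDC0\n domain logons = Yes\n domain master = No\n' > "$conf"
echo "before: $(server_role "$conf")"
printf '[global]\n workgroup = TESTPDC0\n domain logons = Yes\n domain master = Yes\n' > "$conf"
echo "after:  $(server_role "$conf")"
rm -f "$conf"
```

On the real server, compare the result with the "Server role:" line that testparm prints.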


Re: [Samba] HELP !!! migrating from win2000 pdc to linux pdc

2005-03-17 Thread Denis Vlasenko
On Thursday 17 March 2005 10:32, Phil Dawson wrote:
> John,
> 
> In my original post I said
> 
> quote: "changed linuxpdc to be domain master"
> 
> I wrote to mean "changed linuxpdc to be ROLE_DOMAIN_PDC".  Sorry if I 
> didn't make myself clear.  I did test with testparm before trying to log 
> on.  Everything looked ok.  Again, it didn't work.  What I have tried 
> since is to take the winxp box out of the domain and re-join it to the 
> domain when linuxpdc is the PDC.  Now when I log on and run the set 
> command I see LOGONSERVER=//LINUXPDC which is what I was expecting 
> originally.  Still having problems getting logon.bat to run when logging 
> on.  Will have a look at this today.  I'm also going through the logs and 
> settings/password files etc to see if I can spot any differences.

Did you remove former Windows PDC box from the network?
(By powering it off or unplugging network cable)
--
vda



Re: [Samba] HELP !!! migrating from win2000 pdc to linux pdc

2005-03-17 Thread Phil Dawson
John,

In my original post I said

quote: "changed linuxpdc to be domain master"

I wrote to mean "changed linuxpdc to be ROLE_DOMAIN_PDC".  Sorry if I 
didn't make myself clear.  I did test with testparm before trying to log 
on.  Everything looked ok.  Again, it didn't work.  What I have tried 
since is to take the winxp box out of the domain and re-join it to the 
domain when linuxpdc is the PDC.  Now when I log on and run the set 
command I see LOGONSERVER=//LINUXPDC which is what I was expecting 
originally.  Still having problems getting logon.bat to run when logging 
on.  Will have a look at this today.  I'm also going through the logs and 
settings/password files etc to see if I can spot any differences.

Up to now:

xp box can log onto the domain when LINUXPDC is the PDC for the domain. ( 
after re-joining )
all shares are available
linuxpdc is visible in the network

I think it's safe to say DNS entries are ok.  winxp hack worked because we 
have proved we can log onto the linuxpdc.

Another question is, if I take machines out of the domain then re-add them 
as I have done above and as long as the domain has the same SID when I 
re-join machines to the domain will they use the same local profile ( my 
documents / desktop ) etc ...

Any other ideas ???



Phil.







John H Terpstra <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
16/03/2005 14:54
Please respond to: [EMAIL PROTECTED]

To: samba@lists.samba.org
cc:
Subject: Re: [Samba] HELP !!! migrating from win2000 pdc to linux pdc

Phil,

After migrating the domain data did you change the role of the Samba server to 
PDC?

In your smb.conf you need to set in [global]:

 domain master = Yes

Then run 'testparm' to validate your settings.

- John T.

On Wednesday 16 March 2005 05:39, Phil Dawson wrote:
> Hello,
>
> Second post: first had logs attached but was too big.
>
> I have a test environment with 1 windows 2000 AD domain pdc ( mixed mode
> install ), 1 linux server ( to become pdc ) and a win xp box to test logon
> when the migration was completed.  The problem is no matter what I try
> after the migration the win xp's logonserver = windows server not linux
> server.  I have no idea what is going on here.  I've listed the process
> for migration just in case I'm doing something wrong.
>
> NB: Initially I had a problem with the migration because machines were not
> being created.  The problem was due to useradd conforming to the posix
> standard and wouldn't allow accounts prefixed with $.  Got an interim fix
> from RedHat which fixed this problem.
>
> i can log in using
>
> smbclient -L localhost -U% -- anonymous shares available
> smbclient -L //linuxpdc/public -U pdawson -- shares available plus home
> directory
>
>
>
> Is there anything obvious I've missed?  I've been at this for weeks now
> and have no idea what to check next. ( logs are a blur now ).
>
>
> for the purpose of log entries ( supplied if requested )
>
> Domain:        TESTPDC0
> Windows 2000:  TESTPDC ( 192.168.44.80 )
> Linux Server:  LINUXPDC ( RHES4 ) ( 192.168.44.81 )
> WinXP:         ( 192.168.44.20 ) ( machine name HP96281120913 )
>
>
> Added linuxpdc and testpdc to /etc/samba/lmhosts
> Added linuxpdc and testpdc to our DNS
>
>
> cleaned groups up with
>
> -- delGrps.sh 
>
> net groupmap cleanup
> net groupmap delete ntgroup="Print Operators"
> net groupmap delete ntgroup="Domain Guests"
> net groupmap delete ntgroup="System Operators"
> net groupmap delete ntgroup="DnsAdmins"
> net groupmap delete ntgroup="Replicator"
> net groupmap delete ntgroup="Guests"
> net groupmap delete ntgroup="Power Users"
> net groupmap delete ntgroup="DnsUpdateProxy"
> net groupmap delete ntgroup="Administrators"
> net groupmap delete ntgroup="Account Operators"
> net groupmap delete ntgroup="Backup Operators"
> net groupmap delete ntgroup="Users"
> net groupmap delete ntgroup="Domain Users"
> net groupmap delete ntgroup="Domain Admins"
> net groupmap delete ntgroup="Domain Computers"
> net groupmap delete ntgroup="Cert Publishers"
> net groupmap delete ntgroup="RAS and IAS Servers"
> net groupmap delete ntgroup="Pre-Windows 2000 Compatible Access"
> net groupmap delete ntgroup="Group Policy Creator Owners"
> net groupmap delete ntgroup="Enterprise Admins"
> net groupmap delete ntgroup="Domain Controllers"
> net groupmap delete ntgroup="Schema Admins"
> net groupmap delete ntgroup="Server Op

Re: [Samba] HELP !!! migrating from win2000 pdc to linux pdc

2005-03-16 Thread John H Terpstra
Phil,

After migrating the domain data did you change the role of the Samba server to 
PDC?

In your smb.conf you need to set in [global]:

domain master = Yes

Then run 'testparm' to validate your settings.

- John T.

On Wednesday 16 March 2005 05:39, Phil Dawson wrote:
> Hello,
>
> Second post: first had logs attached but was too big.
>
> I have a test environment with 1 windows 2000 AD domain pdc ( mixed mode
> install ), 1 linux server ( to become pdc ) and a win xp box to test logon
> when the migration was completed.  The problem is no matter what I try
> after the migration the win xp's logonserver = windows server not linux
> server.  I have no idea what is going on here.  I've listed the process
> for migration just in case I'm doing something wrong.
>
> NB: Initially I had a problem with the migration because machines were not
> being created.  The problem was due to useradd conforming to the posix
> standard and wouldn't allow accounts prefixed with $.  Got an interim fix
> from RedHat which fixed this problem.
>
> i can log in using
>
> smbclient -L localhost -U% -- anonymous shares available
> smbclient -L //linuxpdc/public -U pdawson -- shares available plus home
> directory
>
>
>
> Is there anything obvious I've missed?  I've been at this for weeks now
> and have no idea what to check next. ( logs are a blur now ).
>
>
> for the purpose of log entries ( supplied if requested )
>
> Domain:        TESTPDC0
> Windows 2000:  TESTPDC ( 192.168.44.80 )
> Linux Server:  LINUXPDC ( RHES4 ) ( 192.168.44.81 )
> WinXP:         ( 192.168.44.20 ) ( machine name HP96281120913 )
>
>
> Added linuxpdc and testpdc to /etc/samba/lmhosts
> Added linuxpdc and testpdc to our DNS
>
>
> cleaned groups up with
>
> -- delGrps.sh 
>
> net groupmap cleanup
> net groupmap delete ntgroup="Print Operators"
> net groupmap delete ntgroup="Domain Guests"
> net groupmap delete ntgroup="System Operators"
> net groupmap delete ntgroup="DnsAdmins"
> net groupmap delete ntgroup="Replicator"
> net groupmap delete ntgroup="Guests"
> net groupmap delete ntgroup="Power Users"
> net groupmap delete ntgroup="DnsUpdateProxy"
> net groupmap delete ntgroup="Administrators"
> net groupmap delete ntgroup="Account Operators"
> net groupmap delete ntgroup="Backup Operators"
> net groupmap delete ntgroup="Users"
> net groupmap delete ntgroup="Domain Users"
> net groupmap delete ntgroup="Domain Admins"
> net groupmap delete ntgroup="Domain Computers"
> net groupmap delete ntgroup="Cert Publishers"
> net groupmap delete ntgroup="RAS and IAS Servers"
> net groupmap delete ntgroup="Pre-Windows 2000 Compatible Access"
> net groupmap delete ntgroup="Group Policy Creator Owners"
> net groupmap delete ntgroup="Enterprise Admins"
> net groupmap delete ntgroup="Domain Controllers"
> net groupmap delete ntgroup="Schema Admins"
> net groupmap delete ntgroup="Server Operators"
>
> -- delGrps.sh end 
>
>
> removed secrets.tdb and passwd.tdb
>
> set up smb.conf to be ROLE_DOMAIN_BDC
>
> < testparm showed no errors >
>
> net rpc join -S testpdc -W testpdc0 -UAdministrator%password
>
> < joined the domain ok.  checked on the win2000 server and linuxpdc was
> listed as a domain controller >
>
> net rpc getsid -S testpdc -W testpdc0
>
> < sid was put into secrets >
>
> net getlocalsid testpdc0
>
> S-1-5-21-705938202-4238141491-2786779978
>
> < showed correct sid >
>
> net getlocalsid
>
> < no sid available so used: >
>
> net setlocalsid S-1-5-21-705938202-4238141491-2786779978
>
> net getlocalsid
>
> S-1-5-21-705938202-4238141491-2786779978
>
> < used initGrps.sh script to add groups >
>
> --- initGrps.sh --
>
> net groupmap modify ntgroup="Domain Admins" unixgroup=root
> net groupmap modify ntgroup="Domain Users" unixgroup=users
> net groupmap modify ntgroup="Domain Guests" unixgroup=nobody
>
> --- initGrps.sh end --
>
> net rpc vampire -S testpdc -U Administrator%password
>
> < no errors>
>
> < list the groups on win 2000 box >
>
> net group -l -S testpdc -U Administrator%password
>
> < list groups on linuxpdc >
>
> net groupmap list
>
>
> -
>
> Server Operators (S-1-5-32-549) -> Server Operators
> Domain Guests (S-1-5-21-705938202-4238141491-2786779978-514) -> nobody
> Enterprise Admins (S-1-5-21-705938202-4238141491-2786779978-519) ->
> Enterprise Admins
> DnsAdmins (S-1-5-21-705938202-4238141491-2786779978-1101) -> DnsAdmins
> Domain Controllers (S-1-5-21-705938202-4238141491-2786779978-516) ->
> Domain Controllers
> Administrators (S-1-5-21-705938202-4238141491-2786779978-1007) -> sys
> Schema Admins (S-1-5-21-705938202-4238141491-2786779978-518) -> Schema
> Admins
> Replicators (S-1-5-21-705938202-4238141491-2786779978-1019) -> kmem
> Replicator (S-1-5-32-552) -> Replicator
> Guests (S-1-5-32-546) -> nobody
> Group Policy Creator Owners (S-1-5-21-705938202-4238141491-2786779978-520)
> -> Group Po