sgm...@mail.bloomfield.k12.mo.us wrote:
>
> sgm...@mail.bloomfield.k12.mo.us wrote:
>>
>> sgm...@mail.bloomfield.k12.mo.us wrote:
>>>
>>> sgm...@mail.bloomfield.k12.mo.us wrote:
>>>> I did not get this finished last summer, so decided to just wait and do
>>>> it this summer. I have set up my new samba server and was trying to get
>>>> some things tweaked to the way that I want them. I thought that I had
>>>> asked this before and that I could do it, but it seems that it does not
>>>> work.
>>>>
>>>> My new server is running as a domain server just like the old. It has
>>>> the same domain name and I changed the SID using net setlocalsid to
>>>> the same sid number as my old server. This new server is in a test
>>>> environment right now.
>>>>
>>>> I was hoping that my old machines could just log into this server
>>>> without having to get out of the domain and then rejoin it, but that
>>>> does not work. It tells me that the domain is not there until I get out
>>>> of the old one and then rejoin the new one. Is that how it has to
>>>> work? I was hoping I would not have to do that if I left the domain
>>>> name the same and set the SID on the new server. I just want to make
>>>> sure I am not missing something before I go around to all 400 computers
>>>> on campus and have them removed and rejoined to the domain.
>>>
>>> Mr. Terpstra gave me a bit of help. I had done nothing to set my
>>> domainsid, but after doing the following:
>>>
>>> net getlocalsid
>>> net getdomainsid
>>>
>>> The values are the same on both the old and the new samba server. This
>>> new server will take the place of my old one. Right now it is on a
>>> network with nothing else on it besides one of my old windows clients. If
>>> I remove one of my old clients from the domain and then re-add it, then it
>>> logs in just fine. If I take an old client from my current network and
>>> put it on this new network and try to login to the new samba server then
>>> it gives me the typical:
>>>
>>> "Windows cannot connect to the domain either because the domain controller
>>> is down or otherwise unavailable, or because your computer account was not
>>> found. Please try again later. If this message continues to appear contact
>>> your System Administrator for assistance."
>>>
>>> The name of the Windows machine is business18 so I did an
>>> 'smbldap-adduser -w business18$' to make sure the machine account was
>>> added in to the directory, but the error was the same. I even changed the
>>> uid of the machine account to match the old one in case that was coming
>>> into play.
>>>
>>> Here is my samba config in case someone sees something that I don't.
>>> Which is quite possible since I forget more than I learn it seems. :)
>>> I'll be reading on the How-To to see if I can pick anything else up.
>>>
>>> [global]
>>>    workgroup = BES
>>>    server string = Samba Server Version %v
>>>    netbios name = SCHOOL
>>>
>>>    interfaces = lo eth0
>>>    hosts allow = 127. 10.0. 192.168.0. localhost
>>>    ldap passwd sync = Yes
>>>    ldap admin dn = cn=Manager,dc=school,dc=bloomfield.k12.mo.us
>>>    ldap suffix = dc=school1,dc=bloomfield.k12.mo.us
>>>    ldap group suffix = ou=Groups
>>>    ldap user suffix = ou=Users
>>>    ldap machine suffix = ou=Computers
>>>    ldap idmap suffix = ou=Users
>>>    add machine script = /usr/sbin/smbldap-useradd -w "%u"
>>>    add user script = /usr/sbin/smbldap-useradd -m "%u"
>>>    ldap delete dn = Yes
>>>    add group script = /usr/sbin/smbldap-groupadd -p "%g"
>>>    add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>>>    delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>>>    set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>>>
>>>    Dos charset = 850
>>>    Unix charset = ISO8859-1
>>>
>>>    log file = /var/log/samba/log.%m
>>>    max log size = 50
>>>
>>>    security = user
>>>    passdb backend = ldapsam:ldap://127.0.0.1
>>>
>>>    domain master = yes
>>>    domain logons = yes
>>>
>>>    local master = yes
>>>    os level = 65
>>>    preferred master = yes
>>>
>>>    wins support = yes
>>>    dns proxy = no
>>>
>>>    load printers = yes
>>>    cups options = raw
>>>
>>> [homes]
>>>    comment = Home Directories
>>>    browseable = no
>>>    writable = yes
>>>
>>> [printers]
>>>    comment = All Printers
>>>    path = /var/spool/samba
>>>    browseable = no
>>>    guest ok = no
>>>    writable = no
>>>    printable = yes
>>>
>>
>> Well, I am getting ready to take the other server offline and put the new
>> one in place. I am planning on just removing all my machines from the
>> domain and adding them back in to get everything to work, though I would
>> prefer not to do this.
>>
>> I am just not sure where else to look. Thought I would post one last
>> time. I figure that most of this comes from me not knowing a lot about
>> ldap and how samba interacts with it. I am still learning.
>>
>> The passwords on the new server are different than the old. Does that
>> have any effect on it? Do the passwords have to be the same when it comes
>> to the new machine being added in? I did not think that would matter, but
>> maybe it does. If it does then that would mean that the XP machines
>> somehow saved the password that was used when the machine joined the
>> domain.
>>
>> Thanks for any info. I'll play with this some tonight, but if I don't
>> figure it out, I'll just do as I planned and remove all machines from the
>> domain and add them back in.
>
> I have messed with this for another 3 hours and have searched everything
> that I know to search on the net. Found lots of good hints, but nothing
> has worked. I was going to maybe try to slapcat just one computer account
> and then slapadd it back in to see if that would work and if it would then
> I would do all computer accounts.
>
> For some reason there is no '-a' version on my old server even though the
> manpage shows slapcat(8C) on both servers. I did a slapcat and just
> deleted everything down to and past the computers entry, but then noticed
> the creatorsName and the modifiersName.
>
> Those are both:
> cn: Manager, dc=old-server-name,dc=org
>
> My new server has a different name, so when I slapadd this back in, is
> that going to cause problems?
>
> I know that is more of an ldap question, but thought someone could
> enlighten me on it here. If I could just get this server to accept
> computers without removing/re-adding to the domain, it would save me a
> world of time.
>
Well, I decided to try it so I changed the old-server-name to the
new-server-name in my ldif file and slapadded it into my directory. I get
the same thing that the domain cannot be found or the machine account is
missing.

I will just add the new server in tomorrow and then go around backing up
profiles, removing the machine from the domain and then add it back in.

I like samba, but it hates me I guess. ;)

Thanks for the help.

--
Scott Mayo - System Administrator
Bloomfield Schools
PH: 573-568-5669
FA: 573-568-4565

Question: Because it reverses the logical flow of conversation.
Answer: Why is putting a reply at the top of the message frowned upon?