John H Terpstra wrote:

On Mon, 25 Aug 2003, Micha Niskin wrote:



Hello,

I am using samba-3.0beta3 on linux (RedHat 7.3). I noticed that 'net rpc
vampire' does not retrieve the existing SIDs from the domain PDC, rather
it creates new ones. This is a problem if users have files saved locally
on their NT workstations, as the SIDs won't match after the migration to
samba PDC. Is there a way to migrate from an NT PDC to a samba one and
still maintain the users' SIDs? Thanks!



Did you follow the information outlined in the chapter "NT4 Migration to Samba-3" in the Samba-HOWTO-Collection.pdf that ships with Samba-3?

If not, what precisely did you do to migrate your user accounts to
Samba-3.0.0?

PS: The documentation has holes that will be fixed before samba-3 is
released.

- John T.


Thank you for your response! Yes, I followed the instructions in the howto that came with samba 3.0rc1. Here is the smb.conf file I am using for BDC mode:

;
; smb.conf - samba configuration file
;
[global]
  netbios name  = rustbucket
  workgroup     = TNG-PDC-TEST1

  ;os level         = 99
  domain master    = no
  domain logons    = yes
  local master     = yes
  preferred master = yes

  security = user
  encrypt passwords = yes
  smb passwd file = /var/samba/smbpasswd
  ;password server = *

  admin users = @root

  add group script = /local/adm/accounts/scripts/smbgroupadd.sh "%g"
  add user script = /local/adm/accounts/scripts/smbuseradd.sh "%u"
  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false "%u"

  logon home = /local/adm/accounts/home
  logon path = /local/adm/accounts/profile
  logon drive = U

; necessary share for domain controller
[netlogon]
   ;put the login script in this directory
   path       = /local/adm/accounts/tng-netlogon
   read only  = yes
   write list = root

[MYSHARE]
  path        = /local/adm/accounts/myshare
  read only   = no
  ;write list  = root



I added the samba machine to the NT network as a BDC in the server manager of the NT PDC (samba not running). I did "net rpc join" followed by "net rpc testjoin". A-OK so far. Then I tried to get the account info from the PDC with "net rpc vampire", and here's the output of that command:

[EMAIL PROTECTED] root]# net rpc vampire
Fetching DOMAIN database
SAM_DELTA_DOMAIN_INFO not handled
Creating unix group: 'Domain Users'
Creating account: Administrator
10014
[2003/08/27 07:25:28, 1] utils/net_rpc_samsync.c:fetch_account_info(440)
fetch_account: Running the command `/local/adm/accounts/scripts/smbuseradd.sh "Administrator"' gave 0
Creating account: Guest
10015
[2003/08/27 07:25:28, 1] utils/net_rpc_samsync.c:fetch_account_info(440)
fetch_account: Running the command `/local/adm/accounts/scripts/smbuseradd.sh "Guest"' gave 0
Creating account: GROUPER$
[2003/08/27 07:25:28, 1] utils/net_rpc_samsync.c:fetch_account_info(440)
fetch_account: Running the command `/usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false "GROUPER$"' gave 0
[2003/08/27 07:25:28, 0] passdb/pdb_smbpasswd.c:smbpasswd_update_sam_account(1415)
smbpasswd_update_sam_account: mod_smbfilepwd_entry failed!
[2003/08/27 07:25:28, 1] utils/net_rpc_samsync.c:fetch_account_info(475)
SAM Account for GROUPER$ failed to be updated in the passdb!
Creating account: WIN2KCLIENT$
[2003/08/27 07:25:29, 1] utils/net_rpc_samsync.c:fetch_account_info(440)
fetch_account: Running the command `/usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false "WIN2KCLIENT$"' gave 0
Creating account: user1
10018
[2003/08/27 07:25:29, 1] utils/net_rpc_samsync.c:fetch_account_info(440)
fetch_account: Running the command `/local/adm/accounts/scripts/smbuseradd.sh "user1"' gave 0
Creating account: user2
10019
[2003/08/27 07:25:29, 1] utils/net_rpc_samsync.c:fetch_account_info(440)
fetch_account: Running the command `/local/adm/accounts/scripts/smbuseradd.sh "user2"' gave 0
[2003/08/27 07:25:29, 0] passdb/pdb_smbpasswd.c:build_smb_pass(1129)
build_sam_pass: Failing attempt to store user with non-uid based user RID.
[2003/08/27 07:25:29, 1] utils/net_rpc_samsync.c:fetch_account_info(466)
SAM Account for user2 failed to be added to the passdb!
Creating account: user3
10020
[2003/08/27 07:25:30, 1] utils/net_rpc_samsync.c:fetch_account_info(440)
fetch_account: Running the command `/local/adm/accounts/scripts/smbuseradd.sh "user3"' gave 0
Creating account: dadmin
10021
[2003/08/27 07:25:30, 1] utils/net_rpc_samsync.c:fetch_account_info(440)
fetch_account: Running the command `/local/adm/accounts/scripts/smbuseradd.sh "dadmin"' gave 0
Creating account: XPCL$
[2003/08/27 07:25:30, 1] utils/net_rpc_samsync.c:fetch_account_info(440)
fetch_account: Running the command `/usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false "XPCL$"' gave 0
Creating account: RUSTBUCKET$
[2003/08/27 07:25:31, 1] utils/net_rpc_samsync.c:fetch_account_info(440)
fetch_account: Running the command `/usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false "RUSTBUCKET$"' gave 0
Group members of root: Administrator,dadmin,
[2003/08/27 07:25:31, 1] utils/net_rpc_samsync.c:fetch_group_mem_info(615)
Found bogus group member: 1055 (member_sid=S-1-5-21-1343692548-746159144-1190612905-1055 group=Domain Users)
Group members of Domain Users: Administrator,Guest,WIN2KCLIENT$,user1,user3,XPCL$,dadmin,RUSTBUCKET$,
Group members of nobody: nobody(primary),
Fetching BUILTIN database
[2003/08/27 07:25:31, 0] rpc_client/cli_pipe.c:rpc_api_pipe_req(1025)
SCHANNEL ERROR: seq_num must be even in client (seq_num=3)
SAM_DELTA_DOMAIN_INFO not handled
Creating unix group: 'Print Operators'
Creating unix group: 'Server Operators'
Creating unix group: 'Users'


As you can see, some of the users were not collected properly. I looked into the source a little and it looks like the SAM_DELTA_DOMAIN_INFO is not implemented yet, so I assume that it's not needed to grab the SIDs. Also, I used a script like the one described in the groupmapping howto to create the new users and groups (it returns the UID/GID on stdout). If I don't use these scripts I get weird errors like "Can't add user with non-uid rid" and things like that.
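
Added example, not part of the original thread or of Samba: a small Python script that triages output in the format quoted above, reporting which accounts failed to reach the passdb, the level-0 error logged before each failure, and the domain SID and RID of any bogus group member. The function name `triage` and the report layout are assumptions made for this example; the sample is a trimmed excerpt of the output quoted above.

```python
import re

# Trimmed excerpt of the `net rpc vampire` output quoted in the message above.
SAMPLE = """\
Creating account: GROUPER$
[2003/08/27 07:25:28, 0] passdb/pdb_smbpasswd.c:smbpasswd_update_sam_account(1415)
smbpasswd_update_sam_account: mod_smbfilepwd_entry failed!
[2003/08/27 07:25:28, 1] utils/net_rpc_samsync.c:fetch_account_info(475)
SAM Account for GROUPER$ failed to be updated in the passdb!
Creating account: user1
Creating account: user2
[2003/08/27 07:25:29, 0] passdb/pdb_smbpasswd.c:build_smb_pass(1129)
build_sam_pass: Failing attempt to store user with non-uid based user RID.
[2003/08/27 07:25:29, 1] utils/net_rpc_samsync.c:fetch_account_info(466)
SAM Account for user2 failed to be added to the passdb!
[2003/08/27 07:25:31, 1] utils/net_rpc_samsync.c:fetch_group_mem_info(615)
Found bogus group member: 1055 (member_sid=S-1-5-21-1343692548-746159144-1190612905-1055 group=Domain Users)
"""

HEADER = re.compile(r"^\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d, +(\d+)\] ")
CREATED = re.compile(r"^Creating account: (.+)$")
FAILED = re.compile(r"^SAM Account for (.+) failed to be (added|updated)\b")
BOGUS = re.compile(r"^Found bogus group member: \d+ \(member_sid=(S-[\d-]+) group=(.+)\)$")

def triage(log):
    """Summarise which accounts reached the passdb and which did not."""
    created, failed, bogus = [], {}, []
    level = reason = None
    for line in map(str.strip, log.splitlines()):
        hdr = HEADER.match(line)
        if hdr:                      # debug header: its level applies to the next line
            level = int(hdr.group(1))
            continue
        if m := CREATED.match(line):
            created.append(m.group(1))
            reason = None            # a new account starts with no pending error
        elif m := FAILED.match(line):
            failed[m.group(1)] = (m.group(2), reason)
        elif m := BOGUS.match(line):
            domain_sid, _, rid = m.group(1).rpartition("-")
            bogus.append({"rid": int(rid), "domain_sid": domain_sid, "group": m.group(2)})
        elif level == 0:             # level-0 message body: the error behind a failure
            reason = line
        level = None
    migrated = [a for a in created if a not in failed]
    return {"migrated": migrated, "failed": failed, "bogus_members": bogus}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```
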
