First thing is...please keep this on list Second thing is...if NT is a PDC, then machine accounts should be created on that system - You can't simulataneously have a Windows & Samba PDC/BDC of any combination. How would you be sure which machine is getting the machine accounts and which machine is handling the authentication?
Craig On Mon, 2004-03-01 at 09:48, Scott Gross wrote: > First thing is first. I need to be able to join a machine to the domain and > be able to login to the domain. This is just to test and make sure the new > Samba server is working. This is the problem I'm having and what I'm > looking for help on. Not how to migrate my users. > > > -----Original Message----- > > From: Craig White [mailto:[EMAIL PROTECTED] > > Sent: Monday, March 01, 2004 8:52 AM > > To: Scott Gross > > Cc: [EMAIL PROTECTED] > > Subject: RE: [Samba] Can't login to Samba PDC > > > > Please keep this on list... > > > > The logical thing to do would be to keep your NT server as the PDC. Set > > up samba not to be a domain controller at all but as a member server to > > the domain (join that machine to the domain - using password server = > > PDC / security = domain and net join ...) > > > > That way, you can create all of the users, join all the machines, set up > > roaming profiles (on the 'member' server) and get all ready. Then, when > > you are ready, you can do the net rpc vampire command and suck all of > > the user accounts/machine accounts/groups into your LDAP. > > > > Craig > > > > On Mon, 2004-03-01 at 09:34, Scott Gross wrote: > > > I was planning to do each machine manually rather than using scripts to > > move > > > the users as I have to change a lot of things on the users PC to keep > > them > > > running after I move them to the new domain. So my intention was to > > join > > > the computer to the new domain, add the user to the Samba domain then > > > configure their PC for the new e-mail system and such. I have to do > > about > > > 100 workstations in many different locations and a slow change over with > > no > > > problems is preferable to a faster one where users might experience > > > problems. > > > > > > This having been said I'm still having problems that after I join the > > > workstation to the new domain I can't login to it. > > > > > > > -----Original Message----- > > > > From: Craig White [mailto:[EMAIL PROTECTED] > > > > Sent: Friday, February 27, 2004 9:33 PM > > > > To: Scott Gross > > > > Cc: [EMAIL PROTECTED] > > > > Subject: RE: [Samba] Can't login to Samba PDC > > > > > > > > Let's keep this on list - there are a lot brighter people than I am on > > > > this stuff... > > > > > > > > On Fri, 2004-02-27 at 19:58, Scott Gross wrote: > > > > > > > > > 3 - migrate? as in net rpc vampire? - how certain are you that LDAP > > is > > > > > working? Does LDAP handle linux login? Are you logging ldap > > connections > > > > > etc? > > > > > > > > > > migrate as in move from one to the other. I'm trying to get the > > Samba > > > > > server running while we're using NT4 and then I will move my users > > and > > > > > workstations to the new domain. I'm going to move them one machine > > and > > > > user > > > > > at a time manually. Yes LDAP handles the linux logins as well and > > this > > > > is > > > > > working. I haven't set-up the LDAP to log the logins but this is > > > > something > > > > > I want to do as well. > > > > ---- > > > > OK - I am trying to understand what you are telling me. > > > > > > > > I can't possibly envision a scenario that you can make this work - > > > > moving one computer and one user over at a time. The computer accounts > > > > continually change their passwords. > > > > > > > > This is what the net rpc vampire command is designed to do, move the > > > > machine accounts, user accounts and group accounts over to new setup > > > > while still retaining all the SID structure. It indeed works - I know > > > > because I did it. > > > > > > > > That is not to say that it is without it's problems but it is - the > > > > intended method and I learned a long time ago about the benefit to > > > > calculate wind direction before I start peeing. > > > > > > > > If you really feel as though you have LDAP set up properly - it > > appears > > > > that you have a grasp on it since you can run ldapsearch from command > > > > line (I am shocked at the number of people that think they have LDAP > > > > running and can't query LDAP), then you really should just slapcat > > your > > > > current setup, dump it, slapadd the stuff you need into LDAP and use > > the > > > > net rpc vampire and suck it all in. You should have no problem getting > > > > it to simultaneously add the posixAccount & sambaSamAccount properties > > - > > > > the only things that you may have to reconcile are 1 - existing > > accounts > > > > in posixland that you want to be both posix & samba (perhaps you have > > > > overlap and different passwords/uid's) and 2 - It's hard to pull the > > > > plug on the existing NT 4 server because it probably has file & print > > > > shares that you wanna keep around...try shutting off the netlogon > > > > service AFTER - you change the settings in smb.conf to make it PDC > > like > > > > and restarting smbd/nmbd. It will still be mostly functional > > > > > > > > Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
