Sorry, when I was hitting reply I thought it was going back to the list not just to you. I wasn't paying attention to the address line in the e-mail.
I'm not using the Windows wizard to join the domain but I am doing the join from the Windows workstation. I'm not big on some of the wizards so I use the change button (from Windows XP computer name screen) or the properties button (from Win2K network identification screen). The computer is being added to the _COMPUTERS_ container in my LDAP with the appropriate trailing $ (uid=fife3400sales02$,ou=_COMPUTERS_). The domain portion of all SIDs is the same (User-Group-Computer-sambaDomainName). When the workstation tries to authenticate the user I can see the connection to IPC$ on the samba server. 'uid=root,ou=_USERS_' is a sambaSamAccount and is a member of 'cn=Domain Users,ou=_GROUPS_'. I did just notice that 'cn=Domain Computers,ou=_GROUPS_' doesn't have any members in it. Do I need to add the computers to this group?

> -----Original Message-----
> From: Craig White [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 01, 2004 10:16 AM
> To: Scott Gross
> Cc: [EMAIL PROTECTED]
> Subject: RE: [Samba] Can't login to Samba PDC
>
> On Mon, 2004-03-01 at 10:42, Scott Gross wrote:
> > First thing is what list do you keep talking about? Am I not supposed
> > to be asking about Samba things in this list?
> >
> ---
> The Samba list is the list I am specifically referring to. Every time you
> hit the 'reply' button, it replies only to me. If you hit 'reply to all'
> it will also reply to the samba list. Every reply I have hit, I have
> added the [EMAIL PROTECTED] to the address because you seem to only
> want to reply to me. Thus, you would be asking Samba things to the samba
> list if you would only include the samba list in your replies.
> ---
> > Second is the domain names are different. That is how you can tell
> > which domain you are logging into. Why don't you try helping with the
> > problem or let someone else if you don't want to.
> >
> ---
> I would be happy to let someone else help you - you have to actually
> post to the list instead of just emailing me.
>
> If the domain names are different, then your usage of the term migrate
> in your original email was misleading and I'm sorry it took me 4 emails
> to get this information out of you.
>
> Evidently, the method you are using to 'join' the domain with the
> computer isn't functioning properly. Are you putting the computer
> accounts in the 'People' container? Is root a samba member? Do you use
> the Win2K/WinXP wizard to join the domain?
>
> Craig
>
> > > -----Original Message-----
> > > From: Craig White [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, March 01, 2004 9:43 AM
> > > To: Scott Gross
> > > Cc: [EMAIL PROTECTED]
> > > Subject: RE: [Samba] Can't login to Samba PDC
> > >
> > > First thing is...please keep this on list
> > >
> > > Second thing is...if NT is a PDC, then machine accounts should be
> > > created on that system - You can't simultaneously have a Windows &
> > > Samba PDC/BDC of any combination. How would you be sure which machine
> > > is getting the machine accounts and which machine is handling the
> > > authentication?
> > >
> > > Craig
> > >
> > > On Mon, 2004-03-01 at 09:48, Scott Gross wrote:
> > > > First thing is first. I need to be able to join a machine to the
> > > > domain and be able to login to the domain. This is just to test and
> > > > make sure the new Samba server is working. This is the problem I'm
> > > > having and what I'm looking for help on. Not how to migrate my users.
> > > >
> > > > > -----Original Message-----
> > > > > From: Craig White [mailto:[EMAIL PROTECTED]
> > > > > Sent: Monday, March 01, 2004 8:52 AM
> > > > > To: Scott Gross
> > > > > Cc: [EMAIL PROTECTED]
> > > > > Subject: RE: [Samba] Can't login to Samba PDC
> > > > >
> > > > > Please keep this on list...
> > > > >
> > > > > The logical thing to do would be to keep your NT server as the PDC.
> > > > > Set up samba not to be a domain controller at all but as a member
> > > > > server to the domain (join that machine to the domain - using
> > > > > password server = PDC / security = domain and net join ...)
> > > > >
> > > > > That way, you can create all of the users, join all the machines,
> > > > > set up roaming profiles (on the 'member' server) and get all ready.
> > > > > Then, when you are ready, you can do the net rpc vampire command
> > > > > and suck all of the user accounts/machine accounts/groups into
> > > > > your LDAP.
> > > > >
> > > > > Craig
> > > > >
> > > > > On Mon, 2004-03-01 at 09:34, Scott Gross wrote:
> > > > > > I was planning to do each machine manually rather than using
> > > > > > scripts to move the users as I have to change a lot of things on
> > > > > > the users PC to keep them running after I move them to the new
> > > > > > domain. So my intention was to join the computer to the new
> > > > > > domain, add the user to the Samba domain then configure their PC
> > > > > > for the new e-mail system and such. I have to do about 100
> > > > > > workstations in many different locations and a slow change over
> > > > > > with no problems is preferable to a faster one where users might
> > > > > > experience problems.
> > > > > >
> > > > > > This having been said I'm still having problems that after I
> > > > > > join the workstation to the new domain I can't login to it.
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Craig White [mailto:[EMAIL PROTECTED]
> > > > > > > Sent: Friday, February 27, 2004 9:33 PM
> > > > > > > To: Scott Gross
> > > > > > > Cc: [EMAIL PROTECTED]
> > > > > > > Subject: RE: [Samba] Can't login to Samba PDC
> > > > > > >
> > > > > > > Let's keep this on list - there are a lot brighter people than
> > > > > > > I am on this stuff...
> > > > > > >
> > > > > > > On Fri, 2004-02-27 at 19:58, Scott Gross wrote:
> > > > > > >
> > > > > > > > 3 - migrate? as in net rpc vampire? - how certain are you
> > > > > > > > that LDAP is working? Does LDAP handle linux login? Are you
> > > > > > > > logging ldap connections etc?
> > > > > > > >
> > > > > > > > migrate as in move from one to the other. I'm trying to get
> > > > > > > > the Samba server running while we're using NT4 and then I
> > > > > > > > will move my users and workstations to the new domain. I'm
> > > > > > > > going to move them one machine and user at a time manually.
> > > > > > > > Yes LDAP handles the linux logins as well and this is
> > > > > > > > working. I haven't set up the LDAP to log the logins but
> > > > > > > > this is something I want to do as well.
> > > > > > > ----
> > > > > > > OK - I am trying to understand what you are telling me.
> > > > > > >
> > > > > > > I can't possibly envision a scenario that you can make this
> > > > > > > work - moving one computer and one user over at a time. The
> > > > > > > computer accounts continually change their passwords.
> > > > > > >
> > > > > > > This is what the net rpc vampire command is designed to do,
> > > > > > > move the machine accounts, user accounts and group accounts
> > > > > > > over to new setup while still retaining all the SID structure.
> > > > > > > It indeed works - I know because I did it.
> > > > > > >
> > > > > > > That is not to say that it is without its problems but it is -
> > > > > > > the intended method and I learned a long time ago about the
> > > > > > > benefit to calculate wind direction before I start peeing.
> > > > > > >
> > > > > > > If you really feel as though you have LDAP set up properly -
> > > > > > > it appears that you have a grasp on it since you can run
> > > > > > > ldapsearch from command line (I am shocked at the number of
> > > > > > > people that think they have LDAP running and can't query
> > > > > > > LDAP), then you really should just slapcat your current setup,
> > > > > > > dump it, slapadd the stuff you need into LDAP and use the net
> > > > > > > rpc vampire and suck it all in. You should have no problem
> > > > > > > getting it to simultaneously add the posixAccount &
> > > > > > > sambaSamAccount properties - the only things that you may have
> > > > > > > to reconcile are 1 - existing accounts in posixland that you
> > > > > > > want to be both posix & samba (perhaps you have overlap and
> > > > > > > different passwords/uid's) and 2 - It's hard to pull the plug
> > > > > > > on the existing NT 4 server because it probably has file &
> > > > > > > print shares that you wanna keep around...try shutting off the
> > > > > > > netlogon service AFTER - you change the settings in smb.conf
> > > > > > > to make it PDC like and restarting smbd/nmbd. It will still be
> > > > > > > mostly functional
> > > > > > >
> > > > > > > Craig
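
The properties listed at the top of this message (trailing $ on the machine uid, placement in the _COMPUTERS_ container, SID domain portion equal to the sambaDomainName SID) can be checked mechanically against an LDIF export. The following is an added example, not part of the original thread; the base DN, domain name, SIDs and the second account are constructed sample data.

```python
# Constructed sample export; only uid=fife3400sales02$ and the ou names come
# from the thread. Base DN, domain name and SIDs are made up for illustration.
SAMPLE_LDIF = """\
dn: sambaDomainName=EXAMPLEDOM,dc=example,dc=org
objectClass: sambaDomain
sambaDomainName: EXAMPLEDOM
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: uid=fife3400sales02$,ou=_COMPUTERS_,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: fife3400sales02$
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3001
sambaAcctFlags: [W          ]

dn: uid=badhost,ou=_USERS_,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: badhost
sambaSID: S-1-5-21-9999999999-2222222222-3333333333-3002
sambaAcctFlags: [W          ]
"""

def parse_ldif(text):
    """Parse simple, unwrapped 'attr: value' LDIF into dicts of value lists."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def check_machine_accounts(entries, container="ou=_COMPUTERS_"):
    """Return {dn: [problems]} for each workstation trust account (W flag)."""
    domain_sids = {e["sambasid"][0] for e in entries
                   if "sambaDomain" in e.get("objectclass", [])}
    report = {}
    for e in entries:
        if "W" not in e.get("sambaacctflags", [""])[0]:
            continue  # not a workstation trust account
        dn, uid, sid = e["dn"][0], e["uid"][0], e.get("sambasid", [""])[0]
        problems = []
        if not uid.endswith("$"):
            problems.append("uid lacks trailing $")
        if ("," + container + ",").lower() not in dn.lower():
            problems.append("entry is outside " + container)
        if sid.rpartition("-")[0] not in domain_sids:  # strip the RID
            problems.append("SID domain portion differs from sambaDomain SID")
        report[dn] = problems
    return report
```

An empty problem list for a machine DN means the three properties hold for that entry; it says nothing about group membership or the machine account password.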