Thanks... that's the information that I was missing. LDAP is overkill for our installation, but setting the SID explicitly seems to work with
tdbsam as well.


Regards,
Scott


Andrew Bartlett wrote:
On Fri, 2004-04-02 at 05:05, Scott Hanson wrote:

Hello,

I have inherited a samba-tng PDC (without ldap) that I am to upgrade to samba 3. My first attempt failed miserably. I copied over the smbpasswd and the domain SID, users were able to log in, but most were not able to load their profiles.

I think I have to copy over machine IDs, but I'm not sure how to proceed. The migration section of the the howto doesn't seem to apply to tng at all. Any tips or pointers on how to proceed?


The problem is almost certainly that the the RID portion of thier SID
has changed.

This is because Samba-TNG sets it's algorithmic rid system to use:

/* Take the bottom bits. */
#define RID_MULTIPLIER 4

Samba.org has always used a value of 2.  To fix this, figure out the
user's real RID

== (uid * RID_MULTIPLIER)+1000

and move your passdb to LDAP (pdb_ldap), where you can set the value
explicitly (sambaSid).  Samba 3.0 will then honour the existing SIDs, in
the same way is honours sids from an NT domain migration.

Andrew Bartlett

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Reply via email to