Hi, I've been going nuts for the last couple of days with the issue of migrating from MDK 9.1/Samba 2.2.8a to MDK 10.0/Samba 3.02a.
The backend is LDAP. Going through the documentation it seemed like everything would be sort of simple: Install new machine, setup smb.conf as BDC, rsync every share (including homes, netlogon and profiles) across, set ldap admin password in secrests.tdb, inject correct domain SID, dump current PDC LDAP tree to ldif, import ldif into BDC, join BDC to domain and fire up samba. Everything described worked out more or less as expected. The problem was that any attempt to log on to a share gave an NT_STATUS_LOGON_FAILURE error. Cranking up the log didn't help me much, the only part that was strange was information that the NT and LM passwords didn't exist. Well I was looking at them on another window...??!! At some point I changed the password on one of the accounts with smbldap-passwd (same password I knew was there before) and now smbclient worked fine. After checking the code for smbldap-passwd I saw that from the old server to the new one there were some changes in the commands used to chenge the password for the posixaccount. I thought damn, i'm dead i'm going to have to change everybody's password to something new and tell them to change back to whatever they want later... (just imagine the comments, "these guys from IT love to complicate things for no resason..."). Well finally after chasing down every link I could find on google and drwing a blank I noticed that the account I had changed the password on had a value in the SambaPwdLastSet attribute that was diferent from 0. Every account imported from the ldif file had this as 0. I checked on the old server and the corresponding attribute pwdLastSet was 0 also. Anyway I decided to just copy the new value to one of the other accounts and, presto smbclient working as expected..! Since on the old server there is no problem I would like to ask if this new behaviour is intended or a quirk in Samba (at least in MDK 3.02.a)? If the behaviour is intended it would be nice to find a reference to this in the migration chapters in the docs so others know about it and the kind people who provide us with scripts to migrate can integrate this aspect. Sorry for the long text but I needed a stress break... Regards, Eugenio Ruivo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
