Hi, Suggest you consider:
pdbedit --force-initialized-passwords to solve this problem. It is a documented work-around for this problem if I understand correctly what you have reported. - John T. --- John H Terpstra Samba-Team email: [EMAIL PROTECTED] > -------- Original Message -------- > Subject: [Samba] Migrating from 2.2.8a to 3.02a > From: "root" <[EMAIL PROTECTED]> > Date: Wed, August 18, 2004 1:46 pm > To: [EMAIL PROTECTED] > > Hi, > > I've been going nuts for the last couple of days with the issue of migrating > from MDK 9.1/Samba 2.2.8a to MDK 10.0/Samba 3.02a. > > The backend is LDAP. > > Going through the documentation it seemed like everything would be sort of > simple: > > Install new machine, setup smb.conf as BDC, rsync every share (including > homes, netlogon and profiles) across, set ldap admin password in > secrests.tdb, inject correct domain SID, dump current PDC LDAP tree to ldif, > import ldif into BDC, join BDC to domain and fire up samba. > > Everything described worked out more or less as expected. > > The problem was that any attempt to log on to a share gave an > NT_STATUS_LOGON_FAILURE error. > > Cranking up the log didn't help me much, the only part that was strange was > information that the NT and LM passwords didn't exist. Well I was looking at > them on another window...??!! > > At some point I changed the password on one of the accounts with > smbldap-passwd (same password I knew was there before) and now smbclient > worked fine. After checking the code for smbldap-passwd I saw that from the > old server to the new one there were some changes in the commands used to > chenge the password for the posixaccount. I thought damn, i'm dead i'm going > to have to change everybody's password to something new and tell them to > change back to whatever they want later... (just imagine the comments, "these > guys from IT love to complicate things for no resason..."). > > Well finally after chasing down every link I could find on google and drwing a > blank I noticed that the account I had changed the password on had a value in > the SambaPwdLastSet attribute that was diferent from 0. > > Every account imported from the ldif file had this as 0. I checked on the old > server and the corresponding attribute pwdLastSet was 0 also. > > Anyway I decided to just copy the new value to one of the other accounts and, > presto smbclient working as expected..! > > Since on the old server there is no problem I would like to ask if this new > behaviour is intended or a quirk in Samba (at least in MDK 3.02.a)? > > If the behaviour is intended it would be nice to find a reference to this in > the migration chapters in the docs so others know about it and the kind > people who provide us with scripts to migrate can integrate this aspect. > > Sorry for the long text but I needed a stress break... > > Regards, > Eugenio Ruivo > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
