On Tue, 23 Nov 2004 14:03:48 -0500, Rashaad S. Hyndman <[EMAIL PROTECTED]> wrote: > I have a question that seems to be an issue when authenticating users for > ADS. Before we went to AD we had a 2k domain called Enterprise. Since then > we created a domain called Corporated.net and all went well. Now i'm trying > to add my samba server to that domain but when users log in with their old > accounts (ie. Enterprise\username) the Samba server does not authenticate > that user against the DC. How do i let samba know that my CorporateD.net > and Enterprise domain users should be authenticated against the same DC?
If I understand you correctly, you are trying to move the samba machine from a win2k domain to an AD domain. I did something similar couple months ago -- moved my samba server from NT to AD domain. Winbind is looking for the old sid from the Enterprise domain. Say, user joe had gid 12345 in the old domain for a group called mygroup. When the samba machine is taken off that domain the group name will get transferred to the gid/uid. Then if you add the same machine to the AD domain it will try to map gid 12345 to a SID. But 12345 will map to a different group in the new domain. In my case , I got errors like 'could not convert 12345 to SID'. I am guessing you are getting the 'Could not fetch' error for the same reason. --Sharif -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
