Hello,

Second post: first had logs attached but was too big.

I have a test environment with 1 Windows 2000 AD domain PDC ( mixed mode install ), 1 Linux server ( to become PDC ) and a Win XP box to test logon when the migration was completed. The problem is no matter what I try after the migration the Win XP's logonserver = windows server not linux server. I have no idea what is going on here. I've listed the process for migration just in case I'm doing something wrong.

NB: Initially I had a problem with the migration because machines were not being created. The problem was due to useradd conforming to the posix standard and wouldn't allow accounts prefixed with $. Got an interim fix from RedHat which fixed this problem.

I can log in using

smbclient -L localhost -U% -- anonymous shares available
smbclient -L //linuxpdc/public -U pdawson -- shares available plus home directory

Is there anything obvious I've missed? I've been at this for weeks now and have no idea what to check next. ( logs are a blur now ).

For the purpose of log entries ( supplied if requested )

Domain: TESTPDC0
Windows 2000: TESTPDC ( 192.168.44.80 )
Linux Server LINUXPDC ( RHES4 ) ( 192.168.44.81 )
WinXP ( 192.168.44.20 ) ( machine name HP96281120913 )

Added linuxpdc and testpdc to /etc/samba/lmhosts
Added linuxpdc and testpdc to our DNS

Cleaned groups up with

------ delGrps.sh ------------
net groupmap cleanup
net groupmap delete ntgroup="Print Operators"
net groupmap delete ntgroup="Domain Guests"
net groupmap delete ntgroup="System Operators"
net groupmap delete ntgroup="DnsAdmins"
net groupmap delete ntgroup="Replicator"
net groupmap delete ntgroup="Guests"
net groupmap delete ntgroup="Power Users"
net groupmap delete ntgroup="DnsUpdateProxy"
net groupmap delete ntgroup="Administrators"
net groupmap delete ntgroup="Account Operators"
net groupmap delete ntgroup="Backup Operators"
net groupmap delete ntgroup="Users"
net groupmap delete ntgroup="Domain Users"
net groupmap delete ntgroup="Domain Admins"
net groupmap delete ntgroup="Domain Computers"
net groupmap delete ntgroup="Cert Publishers"
net groupmap delete ntgroup="RAS and IAS Servers"
net groupmap delete ntgroup="Pre-Windows 2000 Compatible Access"
net groupmap delete ntgroup="Group Policy Creator Owners"
net groupmap delete ntgroup="Enterprise Admins"
net groupmap delete ntgroup="Domain Controllers"
net groupmap delete ntgroup="Schema Admins"
net groupmap delete ntgroup="Server Operators"
------ delGrps.sh end ------------

removed secrets.tdb and passwd.tdb
set up smb.conf to be ROLE_DOMAIN_BDC
< testparm showed no errors >

net rpc join -S testpdc -W testpdc0 -UAdministrator%password
< joined the domain ok. checked on the win2000 server and linuxpdc was listed as a domain controller >

net rpc getsid -S testpdc -W testpdc0
< sid was put into secrets >

net getlocalsid testpdc0
S-1-5-21-705938202-4238141491-2786779978
< showed correct sid >

net getlocalsid
< no sid available so used: >
net setlocalsid S-1-5-21-705938202-4238141491-2786779978
net getlocalsid
S-1-5-21-705938202-4238141491-2786779978

< used initGrps.sh script to add groups >

------- initGrps.sh ----------
net groupmap modify ntgroup="Domain Admins" unixgroup=root
net groupmap modify ntgroup="Domain Users" unixgroup=users
net groupmap modify ntgroup="Domain Guests" unixgroup=nobody
------- initGrps.sh end ----------

net rpc vampire -S testpdc -U Administrator%password
< no errors >

< list the groups on win 2000 box >
net group -l -S testpdc -U Administrator%password

< list groups on linuxpdc >
net groupmap list
-----------------------------------------
Server Operators (S-1-5-32-549) -> Server Operators
Domain Guests (S-1-5-21-705938202-4238141491-2786779978-514) -> nobody
Enterprise Admins (S-1-5-21-705938202-4238141491-2786779978-519) -> Enterprise Admins
DnsAdmins (S-1-5-21-705938202-4238141491-2786779978-1101) -> DnsAdmins
Domain Controllers (S-1-5-21-705938202-4238141491-2786779978-516) -> Domain Controllers
Administrators (S-1-5-21-705938202-4238141491-2786779978-1007) -> sys
Schema Admins (S-1-5-21-705938202-4238141491-2786779978-518) -> Schema Admins
Replicators (S-1-5-21-705938202-4238141491-2786779978-1019) -> kmem
Replicator (S-1-5-32-552) -> Replicator
Guests (S-1-5-32-546) -> nobody
Group Policy Creator Owners (S-1-5-21-705938202-4238141491-2786779978-520) -> Group Policy Creator Owners
Domain Users (S-1-5-21-705938202-4238141491-2786779978-1201) -> users
Power Users (S-1-5-32-547) -> ntadmin
Domain Guests (S-1-5-21-705938202-4238141491-2786779978-1199) -> nobody
DnsUpdateProxy (S-1-5-21-705938202-4238141491-2786779978-1102) -> DnsUpdateProxy
Print Operators (S-1-5-32-550) -> lp
Administrators (S-1-5-32-544) -> Administrators
Pre-Windows 2000 Compatible Access (S-1-5-32-554) -> Pre-Windows 2000 Compatible Access
Account Operators (S-1-5-32-548) -> wheel
Domain Admins (S-1-5-21-705938202-4238141491-2786779978-1001) -> root
Account Operators (S-1-5-21-705938202-4238141491-2786779978-1021) -> wheel
Backup Operators (S-1-5-32-551) -> bin
Users (S-1-5-32-545) -> public
Backup Operators (S-1-5-21-705938202-4238141491-2786779978-1003) -> bin
RAS and IAS Servers (S-1-5-21-705938202-4238141491-2786779978-553) -> RAS and IAS Servers
Print Operators (S-1-5-21-705938202-4238141491-2786779978-1015) -> lp
Domain Users (S-1-5-21-705938202-4238141491-2786779978-513) -> users
System Operators (S-1-5-21-705938202-4238141491-2786779978-1005) -> daemon
Domain Computers (S-1-5-21-705938202-4238141491-2786779978-515) -> Domain Computers
Domain Admins (S-1-5-21-705938202-4238141491-2786779978-512) -> root
Cert Publishers (S-1-5-21-705938202-4238141491-2786779978-517) -> Cert Publishers
-------------------------------------------
< everything seems ok >
< checked users and groups. everything migrated ok. >
< added all imported users to the users group. >

< changed linuxpdc to be domain master >
testparm verified this
< switched off win2000 pdc >
< started smb with: >
service smb start
< switched on win xp box >
< used regedit to change signorseal >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters
"RequireSignOrSeal"=dword:00000000
< re-booted xp machine >
< seemed to log in ok >
username: pdawson
password: password
< opened console with cmd >
< run set >
< LOGONSERVER=\\TESTPDC <--- not what I was expecting >
< no drive mapping and logon.bat didn't run >

<<<< had to remove logs ... too big for list. could be supplied on demand >>>>

Regards,
Phil
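
A check that can be run over net groupmap list output after net rpc vampire, added here as an example and not part of the original post: it reports NT group names mapped under more than one SID and domain groups that carry a well-known name but not the well-known RID, both of which occur in the listing above (for example Domain Users at RIDs 513 and 1201). The function names are hypothetical, and the sample is a subset of the lines posted above.

```python
import re
from collections import defaultdict

# Well-known domain group RIDs, identical in every Windows domain.
WELL_KNOWN_RIDS = {"Domain Admins": 512, "Domain Users": 513,
                   "Domain Guests": 514, "Domain Computers": 515,
                   "Domain Controllers": 516}

# One mapping per line: NT group name (SID) -> unix group
LINE_RE = re.compile(r"^\s*(.+?)\s+\((S-1-[\d-]+)\)\s+->\s+(.+?)\s*$")

# Subset of the listing posted above, separator line included.
SAMPLE = """\
-----------------------------------------
Domain Guests (S-1-5-21-705938202-4238141491-2786779978-514) -> nobody
Domain Users (S-1-5-21-705938202-4238141491-2786779978-1201) -> users
Domain Guests (S-1-5-21-705938202-4238141491-2786779978-1199) -> nobody
Administrators (S-1-5-32-544) -> Administrators
Domain Admins (S-1-5-21-705938202-4238141491-2786779978-1001) -> root
Domain Users (S-1-5-21-705938202-4238141491-2786779978-513) -> users
Domain Admins (S-1-5-21-705938202-4238141491-2786779978-512) -> root
Cert Publishers (S-1-5-21-705938202-4238141491-2786779978-517) -> Cert Publishers
"""

def parse_groupmap(text):
    """Return (ntgroup, sid, unixgroup) tuples; non-mapping lines are skipped."""
    return [m.groups() for m in map(LINE_RE.match, text.splitlines()) if m]

def duplicate_names(entries):
    """NT group names that appear under more than one SID, with those SIDs."""
    sids = defaultdict(list)
    for name, sid, _unix in entries:
        if sid not in sids[name]:
            sids[name].append(sid)
    return {name: s for name, s in sids.items() if len(s) > 1}

def unexpected_rids(entries):
    """Domain (S-1-5-21-...) entries with a well-known name but another RID."""
    found = []
    for name, sid, unix in entries:
        rid = int(sid.rsplit("-", 1)[1])
        if (sid.startswith("S-1-5-21-") and name in WELL_KNOWN_RIDS
                and rid != WELL_KNOWN_RIDS[name]):
            found.append((name, rid, unix))
    return found

if __name__ == "__main__":
    entries = parse_groupmap(SAMPLE)
    for name, sids in duplicate_names(entries).items():
        print(f"{name}: mapped under {len(sids)} SIDs: {', '.join(sids)}")
    for name, rid, unix in unexpected_rids(entries):
        print(f"{name}: RID {rid} (well-known is {WELL_KNOWN_RIDS[name]}) -> {unix}")
```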
