Mike Cauble wrote:
Jim,
I recently did the same thing, here is what I found:
Hi Mike,
Thanks for the response. Here is what I discovered while testing this morning:
When I migrated my ldap, some machines couldn't connect even thought
they had an account on the domain. Here are some of the reasons
"sambaPwdLastSet" must have a valid value (ie. 1146061069) I can't
remember but all the date fields ( sambaPwdMustChange,
sambaPwdCanChange) may have to have a valid value
I guess they are valid, they at least match what is in the old ldap.
check your old ldap machine entries against the new ldap entries
sambaSID, sambaNTPassword must match, make sure sambaAcctFlags has a [W]
I have compared the values of the attributes and they match.
objectClass: sambaSamAccount - I have seen this discussed as something
that has changed you might want to check this
You might remove and re-add a machine then look at it's ldap entry and
compare with another machine account's old ldap entry.
I did the remove and add process. There were three attributes that were
updated:
sambaPwdCanChange,
sambaPwdLastSet,
sambaNTPassword
and the machine was joined and all is well.
So I am now wondering which or all of these values could I use from the newly
added machine entry and use to update the the rest of my machine entries? I do
not look forward to having to do the remove/add process for each machine.
From what I have read, the sambaNTPassword is the MD4() of the password? And
I am guessing the password is the password of the admin that is used when
joining the domain?
Which may not be right, because when I look at the NTpassword for various
working machines they are all different, but since I do not know how the MD4
works it may be the same password just a different crypt'd value based on some
random seed.
I am going to take the value of the NTpassword from my working machine entry
and set it on a non-working entry and see if that machine will then attach to
the domain without having to do the remove/add process.
Do you think this might work? Thoughts / suggestions?
Thanks again,
--
Jim Summers
School of Computer Science-University of Oklahoma
-------------------------------------------------
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
