Hi, I'm new to the list, I hope i'm posting at the right place ;)
I'm having a hard time trying to update and to move my Samba 2.2 PDC to a new Debian server. Currently, the PDC is using Samba 2.2.8 on a Solaris Server. My goal is to move it to another computer, and to update it to a newer version (3.0.24) This must be fully transparent for the users, since I have no time to disjoin and to rejoin the domain on all machines. I'm using the smbpassword backend, and a NIS server. The NIS stores all the Unix accounts, but the machine accounts are local. The domain name is SMBDOM. The PDC is called aldebaran, and has the Netbios name PDC. I've caught SID of the old machine, with the smbpasswd -X SMBDOM, which is the same than the one I get with smbpasswd -X PDC. Now, I've installed my Samba 3 server on the new machine, which uses the same hostname and the same Netbios name. I've set the SID to the old domain one, using net setlocalsid olddomainsid, and net setlocalsid olddomainsid. I've also copied the smb.conf, and the secrets.tdb, and done the group mappings. Here is the result of the net groupmap list command : testpdc:/var/log/samba# net groupmap list Domain Admins (S-1-5-21-2616637325-650964048-2930221742-512) -> adminasr Domain Computers (S-1-5-21-2616637325-650964048-2930221742-515) -> machines The problem is that the old domain computers can't join the new domain. I'm having the message "Windows can't connect... The server might not be running, or your machine account has not been found..." or something like that. Here is what I can see in the logs : [2008/05/23 15:20:00, 2] libsmb/credentials.c:creds_server_check(218) creds_server_check: credentials check failed. [2008/05/23 15:20:00, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478) _net_auth2: creds_server_check failed. Rejecting auth request from client CYANN machine account CYANN$ [2008/05/23 15:20:00, 2] libsmb/credentials.c:creds_server_check(218) creds_server_check: credentials check failed. [2008/05/23 15:20:00, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478) _net_auth2: creds_server_check failed. Rejecting auth request from client CYANN machine account CYANN$ When running pdbedit -vL with my username for example, everything seems fine : testpdc:/var/log/samba# pdbedit -vL marinier Unix username: marinier NT username: Account Flags: [UX ] User SID: S-1-5-21-2616637325-650964048-2930221742-3324 Primary Group SID: S-1-5-21-2616637325-650964048-2930221742-513 Full Name: Florian Marinier Home Directory: \\pdc\marinier HomeDir Drive: u: Logon Script: montage.bat marinier Profile Path: Domain: SMBDOM Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Tue, 19 Jan 2038 04:14:07 CET Kickoff time: Tue, 19 Jan 2038 04:14:07 CET Password last set: Fri, 04 Apr 2008 15:53:44 CEST Password can change: Fri, 04 Apr 2008 15:53:44 CEST Password must change: Tue, 19 Jan 2038 04:14:07 CET Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF The SID is the right one. When running pdbedit -vL cyann$ (which is one of my machine accounts) testpdc:/var/log/samba# pdbedit -vL cyann$ Unix username: cyann$ NT username: Account Flags: [W ] User SID: S-1-5-21-2616637325-650964048-2930221742-2820 Primary Group SID: S-1-5-21-2616637325-650964048-2930221742-515 Full Name: Trust Account Home Directory: HomeDir Drive: (null) Logon Script: Profile Path: Domain: SMBDOM Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Tue, 19 Jan 2038 04:14:07 CET Kickoff time: Tue, 19 Jan 2038 04:14:07 CET Password last set: Wed, 18 Apr 2007 18:28:27 CEST Password can change: Wed, 18 Apr 2007 18:28:27 CEST Password must change: Tue, 19 Jan 2038 04:14:07 CET Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF the SID and domain are the right ones... But I still can't log in :( I may have an answer, but i'd be glad to have a confirmation : On my old Solaris server, my machines group had the GID 101. And on my new Debian Server, the GID 101 is already used by Crontab, so I chose another GID. May it be the source of all my problems? PS : However, when i disjoin and rejoin the domain, everything seems Ok. Does anyone have a clue? Thanks, Florian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
