Charlie,
I didn't copied the secrets.tdb, I've used smbpasswd -w. In my Ldap I have an object named
"sambaDomainName=OPEN,dc=my,dc=company" which I didn't create, it's automagically created
by samba. That object has it's own sid, I've even deleted the secrets.tdb file and the ldap OPEN
object, they are recreated with "smbpasswd -w xxxxx", so I assume everything is
automagically right.
In addition I've tried the index on sambaSID attribute, I already have an "eq" index on
it, and I can't create a "sub" index, I think this is because of the attribute definition.
I've updated to samba-3.2.0-21 but I'm still stuck.
I'm worried about your comment on users located by sid as all my users already
has a sid assigned, is that sid server-dependant? I must assume it isn't, it's
only user-dependant, isn't it?
Regards,
--
Ing. Ernesto Silva.
Coordinador de Desarrollo Web y Sistemas Abiertos
Centro de Procesamiento de Datos
Universidad ORT Uruguay.
E-mail: [EMAIL PROTECTED]
Tel: (+5982) 903-1995, (+5982) 902-9687 ext. 102
Fax: (+5982) 900-2952
Charlie wrote:
On Tue, Jul 1, 2008 at 8:16 PM, Ernesto Silva <[EMAIL PROTECTED]> wrote:
A few days ago I've installed OpenSuSE 11 Beta 2 in another server, it came
with samba 3.2.0-18, so as I'm very lazy I copied the smb.conf file from the
working server to the new one with little modifications like the netbios
name and which shares it serves, say Server B. I'm connecting to the same
Ldap server.
Did you copy over the secrets.tdb as well? If not, you are going to
have to use "net setlocalsid" to set the machine SID to match the old
one, and "smbpasswd -w" to set the LDAP access password. Samba tracks
users by SID now (which I don't like, personally, but it's something
that the Samba Team apparently had to do if they wanted to
interoperate with later versions of Microsoft's networking stack) so
your users will have SIDs that were created by the old system.
You also will want to put a "sub" index on the sambaSID attribute in
OpenLDAP's slapd.conf file if you haven't already done so. Later
versions of samba need it... you get a nice efficiency boost. Um, and
watch your search limits in OpenLDAP also -the "machine suffix" and
"user suffix" parameters in smb.conf are not applied as filters in the
searches that samba makes in LDAP, so search returns might be bigger
than you anticipate, and I'm not sure that samba can properly handle
an RFC-compliant paged LDAP search result like OpenLDAP might return.
I prefer using net setlocalsid and smbpasswd rather than just copying
over an old secrets.tdb - but use tdbdump on the old one to see if
there is anything else in there (like domain trust passwords) before
you decide.
--Charlie
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
