Why don't you give the new PDC the same SID as the old domain, then?

On OLD-PDC:
    net getlocalsid <domain>
On new PDC:
    net setlocalsid SID

Good luck.

>-----Original message-----
>From: BOURIAUD David [mailto:[EMAIL PROTECTED]
>Sent: Tuesday 2 December 2008 16:22
>To: L.P.H. van Belle
>Subject: Re: [Samba] Problems when migrating from an old machine to a new one.
>
>On Tuesday 02 December 2008, you wrote:
>
>Hi!
>Thanks for your quick help. I've checked all you've said, but everything is as
>you expect it to be.
>
>Here are different elements of my setup:
>smb.conf contains:
>
>    preferred master = True
>    domain master = True
>    logon path = \\%L\profiles\%U
>    logon drive = P:
>    nt acl support = Yes
>    profile acls = Yes
>    passdb backend = ldapsam:ldap://ldap.server.adress/
>    ldap passwd sync = Yes
>
>[profiles]
>    path = /smbhome/profiles/
>    read only = No
>    store dos attributes = Yes
>    browseable = No
>    writeable = Yes
>    create mask = 0600
>    directory mask = 0700
>    guest ok = no
>    printable = no
>    hide files = /desktop.ini
>
>[profile]
>    path = /smbhome/profiles/%U
>    browseable = Yes
>    writeable = Yes
>    create mask = 0700
>    directory mask = 0700
>
>This should be sufficient and working. The fact is that I rsync the profiles
>from the old machine to the new one, and do a chown/chmod afterward, but
>consider that the previous PDC (let's call him OLD-PDC) has a SID (called
>OLD-SID) and the new PDC (let's call him NEW-PDC) has a new SID (called
>NEW-SID).
>If I'm not mistaken, what I want to do can't be accomplished with a poor rsync
>between these machines, because when I pick up the profile on OLD-PDC and copy
>all the files in /smbhome/profiles/user/, the file named NTUSER.DAT contains
>references to OLD-SID. I've tried to change its content with the command
>I explained in my previous mail:
>    profiles -c OLD-SID -n NEW-SID NTUSER.DAT
>but it doesn't work.
>Indeed, if I check everything after having copied NTUSER.DAT.new over
>NTUSER.DAT, with
>    profiles -v NTUSER.DAT | grep OLD-SID
>I still find entries in it.
>So, I guess that the command I type in is not enough.
>You're right, this has to do with file rights, but not on the filesystem
>itself. So far as I understand what's involved in the authentication
>process.
>This is hard to guess, because even with a lot of verbosity in log files (I've
>tried out log level = 10 in smb.conf), the error isn't shown.
>And on the workstation, the domain user isn't allowed to view the
>security log file.
>I'm stuck at this point and don't know how to solve it...
>
>> Hi,
>>
>> after you've moved your profile folder,
>> check every right.
>> set 777 on profile itself.
>> set create right to 700 for every new folder in the profiles share.
>> check your users' profile folder rights.
>>
>> sorry but this is a permission problem.
>>
>> my profiles share.
>> [profiles]
>>     path = /home/samba/profiles
>>     comment = Profiles
>>     read only = no
>>     create mask = 0600
>>     directory mask = 0700
>>     browseable = Yes
>>     guest ok = Yes
>>     csc policy = disable
>>     force user = %U
>>     valid users = %U @"Domain Admins"
>>
>> /home/samba/profiles has 777 as right.
>>
>> when this is done, correct your users' profiles
>>
>> cd /home/samba/profiles
>> for x in *; do
>>     chown -R "$x":"Domain Users" "$x"
>>     chmod -R 700 "$x"
>> done
>>
>> this should do it.
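
An added example, not part of the thread or of Samba: a Python check for leftover references to the old domain SID in a copied NTUSER.DAT, as an alternative to grepping the `profiles -v` output. It assumes the references are stored in the binary SID layout used in security descriptors; the SID values and sample bytes are constructed placeholders.

```python
import struct

def sid_to_bytes(sid):
    """Encode 'S-1-5-21-...' in the binary SID layout used in security descriptors."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError(f"not a SID: {sid!r}")
    subs = [int(p) for p in parts[3:]]
    return (struct.pack("BB", int(parts[1]), len(subs))       # revision, sub-authority count
            + int(parts[2]).to_bytes(6, "big")                # authority: 6 bytes, big-endian
            + b"".join(struct.pack("<I", s) for s in subs))   # sub-authorities: little-endian

def bytes_to_sid(raw):
    """Decode one binary SID starting at raw[0]."""
    count = raw[1]
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{count}I", raw[8:8 + 4 * count])
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])

def find_domain_sids(blob, domain_sid):
    """Return sorted (offset, sid) for the domain SID and any account SID (domain + RID)."""
    enc = sid_to_bytes(domain_sid)
    n = enc[1]
    hits = []
    # An account SID has one more sub-authority than its domain, so the count
    # byte differs; search once for each count with the same authority/prefix.
    for count in (n, n + 1):
        needle = bytes([enc[0], count]) + enc[2:]
        start = blob.find(needle)
        while start != -1:
            end = start + 8 + 4 * count
            if end <= len(blob):                  # ignore a match truncated at end of file
                hits.append((start, bytes_to_sid(blob[start:end])))
            start = blob.find(needle, start + 1)
    return sorted(hits)

OLD_SID = "S-1-5-21-111-222-333"   # constructed stand-in for OLD-SID
NEW_SID = "S-1-5-21-999-888-777"   # constructed stand-in for NEW-SID
# Constructed bytes standing in for a hive file; real use: open(path, "rb").read()
SAMPLE = (b"regf" + b"\x00" * 12
          + sid_to_bytes(OLD_SID + "-1001")
          + b"\xff" * 4
          + sid_to_bytes(NEW_SID + "-1001")
          + sid_to_bytes(OLD_SID)
          + sid_to_bytes("S-1-5-32-544"))

if __name__ == "__main__":
    for offset, sid in find_domain_sids(SAMPLE, OLD_SID):
        print(f"0x{offset:06x}  {sid}")
```

An empty result for OLD-SID after running `profiles -c ... -n ...` means no binary reference to the old domain remains in the file.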
