> Yes. You should have saved the Domain SID before migration, then restored > it on Samba-3 using the net utility. That way your clients would have been > quite happy.
Ah, ok. Is there a document explaining how to save and restore the SID? I saved the contents of /etc/samba before performing the upgrade. Can I still extract the SID and restore it into my Samba 3? I still have some client boxes I haven't joined to the new domain. Is there any other way, at this point, to allow my domain users write access to their identities / accounts without them being administrators? A way of moving forward with my new SID? Why isn't Windows allowing the users access to their internet settings / identities, even though they're in the new domain and the users' profiles have been reloaded from the server? Is there any way to fix it? Thanks again, Jeff ----- Original Message ----- From: "John H Terpstra" <[EMAIL PROTECTED]> To: "Jeferee" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, November 07, 2003 1:15 AM Subject: Re: [Samba] Samba 2.2 -> 3.0.0 upgrade: questions + Internet Connection Wizard / Identities > On Thu, 6 Nov 2003, Jeferee wrote: > > > Hello, > > > > I just upgraded from Samba 2.2.7 to Samba 3.0.0 on RedHat 9. I did this > > by uninstalling the 2.2.7 samba RPM's and then applying the Samba 3.0.0 > > RPM from samba.org, then putting my local changes back into smb.conf. > > I have also migrated my smb users from smbpasswd to tdbsam with the > > pdbedit utility as discussed in the HOWTO. > > > > It seems I have to rejoin my client boxes (windows 2000 pro) to the > > domain in order to log in, and then I have to blow away my local users > > on each client machines to allow the roving profiles to be reloaded at > > login. > > > > Also, I have had to add the following to my smb.conf file to use tdbsam > > successfully. > > > > logon home = \\%L\%U > > logon path = \\%L\%U\profile > > > > I had to do this in order to get the correct string to come up in > > pdbedit -Lv for the "Home Directory" and "Profile Path" variables (the > > defaults cuased %N to show in place of the server name) - when I used > > 'smbpasswd' as the backend pdbedit -Lv showed proper values and things > > worked OK. > > > > I also had to mess around a bit with 'net groupmap' modify/list to get > > the standard Windows groups to map properly to UNIX groups, as discussed > > in the HOWTO. These seemed to work fine under 2.2.7. > > > > Everything seems to work OK now, except for the following problems. > > Can anyone tell me what I did wrong upgrading with respect to the > > following 3 issues: > > > > 1) I have to rejoin each client Windows 2000 box to the domain or logins > > fail (says the client is not in the domain) - did the machines' SIDs > > change for some reason? Server SID? > > Yes. You should have saved the Domain SID before migration, then restored > it on Samba-3 using the net utility. That way your clients would have been > quite happy. > > > > > 2) I have to blow away local roving profiles, then log in to get the > > roving profiles to reload from the server - error says the profile for > > that user already exists on the server, but has the 'wrong security'. > > Loads temp settings. SID problem? > > Correct. See comment for Q1. > > > > > 3) After rejoining and reloading, regular Domain Users do not have the > > ability to change their Internet Connection Settings - The "Internet > > Connection Wizard" icon recreates at each login, and when the user tries > > to access it, they get an access denied error. Changes to internet > > settings from IE are not recorded, and it complains about 'no > > identities'. The users are properly listed in the "Domain Users" group. > > If I put the user (or Domain Users) in the Admininistrator group on the > > client boxes, he successfully gets his previously set settings (home > > page, etc) at login. > > Yes. Correct. > > > Thank you, and great job on 3.0! > > Glad to hear that the documentation was useful. Want to send me any > updates for it? > > Cheers, > John T. > -- > John H Terpstra > Email: [EMAIL PROTECTED] > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba