[Samba] Samba 2.2 to 3.0.9 DC upgrade problems
Hans du Plooy
I just replaced a client's SUSE 8.0/Samba 2.2 DC with a SUSE 9.2/Samba 3.0.9
DC. Drives were giving trouble, and since that box was a first attempt at a
linux DC there was a lot of room for improvement.
I copied the profiles and home directories over to the new machine, chowned
them to the new users. I also did extracted the securid from the old DC and
set it to the new one (using the net command). I expected the clients not to
notice. Oh dear...
First off, the Windows 98 clients, stupid as they are on a network, didn't
notice at all. But the Windows 2000 and Windows XP Pro ones had trouble.
They all logged in fine, but they all had all sorts of weird problems. For
example, upon starting outlook, it did the whole
install-the-user-specific-stuff routine you get when you run it for the first
time. I ended up having to rename the profile and have it create a new one.
Lot's of unhappy users....
Can anyone tell me what I did wrong? My suspicion, in hindsight, is that the
local copy of the profile on each client, belongs to the domain user, as
identified by it's userid (I'm sure I've seen windows refering to a "Unix
user 514" or something similar before), and that the user id has changed
(which it has - SUSE 8.0 maps users from 500 up, 9.2 from 1000 up). Can
anyone shed some light?
Thanks
--
Kind regards
Hans du Plooy
Newington Consulting Services
hansdp at newingtoncs dot co dot za
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
John H Terpstra
> Hi all,
>
> I just replaced a client's SUSE 8.0/Samba 2.2 DC with a SUSE 9.2/Samba
> 3.0.9 DC. Drives were giving trouble, and since that box was a first
> attempt at a linux DC there was a lot of room for improvement.
>
> I copied the profiles and home directories over to the new machine, chowned
> them to the new users. I also did extracted the securid from the old DC
> and set it to the new one (using the net command). I expected the clients
> not to notice. Oh dear...
>
> First off, the Windows 98 clients, stupid as they are on a network, didn't
> notice at all. But the Windows 2000 and Windows XP Pro ones had trouble.
> They all logged in fine, but they all had all sorts of weird problems. For
> example, upon starting outlook, it did the whole
> install-the-user-specific-stuff routine you get when you run it for the
> first time. I ended up having to rename the profile and have it create a
> new one. Lot's of unhappy users....
>
> Can anyone tell me what I did wrong? My suspicion, in hindsight, is that
> the local copy of the profile on each client, belongs to the domain user,
> as identified by it's userid (I'm sure I've seen windows refering to a
> "Unix user 514" or something similar before), and that the user id has
> changed (which it has - SUSE 8.0 maps users from 500 up, 9.2 from 1000 up).
> Can anyone shed some light?
Windows NT/2KX stores the Windows SID as an access control identifier inside
the profile file NTUser.DAT. If you do not replace the SID inside this file
with the new SID on from the new server then your users will not be able to
access their profiles - i.e.: It just will not work as you have seen.
You can recover the SID from the old system by running (for Samba-3):
net getlocalsid
You can set the SID on the new server by running:
net setlocalsid S-1-5-21-XXXXX-XXXXX-XXXXXX
Note: The SID must be the one you obtained from the old server.
Additionally, you must ensure that each user has the same UID and GID as they
were on old server.
- John T.
>
> Thanks
> --
> Kind regards
> Hans du Plooy
> Newington Consulting Services
> hansdp at newingtoncs dot co dot za
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
Hans du Plooy
> You can recover the SID from the old system by running (for Samba-3):
>
> net getlocalsid
>
> You can set the SID on the new server by running:
>
> net setlocalsid S-1-5-21-XXXXX-XXXXX-XXXXXX
This I did - in fact, I was quite paranoid about it and checked it over and
over just to be absolutely sure.
> Note: The SID must be the one you obtained from the old server.
> Additionally, you must ensure that each user has the same UID and GID as
> they were on old server.
I think this must have been the problem. Do you refer to UID and GID withing
samba, or the unix UID and GID?
Thanks
--
Kind regards
Hans du Plooy
Newington Consulting Services
hansdp at newingtoncs dot co dot za
--
John H Terpstra
> On Wednesday 12 January 2005 23:06, John H Terpstra wrote:
> > You can recover the SID from the old system by running (for Samba-3):
> >
> > net getlocalsid
> >
> > You can set the SID on the new server by running:
> >
> > net setlocalsid S-1-5-21-XXXXX-XXXXX-XXXXXX
>
> This I did - in fact, I was quite paranoid about it and checked it over and
> over just to be absolutely sure.
>
> > Note: The SID must be the one you obtained from the old server.
> > Additionally, you must ensure that each user has the same UID and GID as
> > they were on old server.
>
> I think this must have been the problem. Do you refer to UID and GID
> withing samba, or the unix UID and GID?
Samba maps the UID to the user SID. The user SID is made up of the Domain SID
plus a RID. The RID = 2xUID + 1000.
If the UID = 1234 the RID = 2468.
If the SID = S-1-5-21-12345678-12345678-12345678 the user SID =
S-1-5-21-12345678-12345678-12345678-2468
- John T.
>
> Thanks
> --
> Kind regards
> Hans du Plooy
> Newington Consulting Services
> hansdp at newingtoncs dot co dot za
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.