Geoff Stitt
2003-Jun-03 21:28 UTC
[Samba] Win2K Machine Accounts No Longer Valid after Samba PDC Upgrade (2.2.2 to 2.2.8a)
Symptom: After upgrading our Primary Domain Controller from Samba 2.2.2 to Samba 2.2.8a, users attempting to login from Windows 2000 clients are no longer able to do so. Details: After some research it was discovered that if a Windows 2000 client re-joins the domain served by the upgraded version of Samba, users are then able to, once again, log into this domain. It was also discovered that if the Samba PDC was downgraded to its original version of 2.2.2, any windows 2000 client that re-joined the domain while the Samba PDC was at version 2.2.8a, was still able to log into the domain. As additional information, both versions of the Samba PDC were compiled on SPARC architecture running Solaris 8.0 As the above comments suggest, machine accounts are backward-compatible, but *not* forward-compatible between Samba versions 2.2.2 and 2.2.8a. After researching the Samba mailing lists and newsgroups it is more or less understood that in order to deal with problems of this nature each windows 2000 machine account needs to be recreated. Which is a very time-consuming effort. Is there a better way to deal with this upgrade path? Ideally where I don't have to visit each windows 2000 machine in order to re-create their machine accounts? A migration utility or set of server-side steps perhaps? Regards, Geoff Stitt -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20030603/7daa3b43/attachment.bin
Geoff Stitt
2003-Jun-18 15:33 UTC
[Samba] Win2K Machine Accounts No Longer Valid after Samba PDC Upgrade (2.2.2 to 2.2.8a)
My apolgies in posting this again. However I was hoping someone had a suggestion... Symptom: After upgrading our Primary Domain Controller from Samba 2.2.2 to Samba 2.2.8a, users attempting to login from Windows 2000 clients are no longer able to do so. Details: After some research it was discovered that if a Windows 2000 client re-joins the domain served by the upgraded version of Samba, users are then able to, once again, log into this domain. It was also discovered that if the Samba PDC was downgraded to its original version of 2.2.2, any windows 2000 client that re-joined the domain while the Samba PDC was at version 2.2.8a, was still able to log into the domain. As additional information, both versions of the Samba PDC were compiled on SPARC architecture running Solaris 8.0 As the above comments suggest, machine accounts are backward-compatible, but *not* forward-compatible between Samba versions 2.2.2 and 2.2.8a. After researching the Samba mailing lists and newsgroups it is more or less understood that in order to deal with problems of this nature each windows 2000 machine account needs to be recreated. Which is a very time-consuming effort. Is there a better way to deal with this upgrade path? Ideally where I don't have to visit each windows 2000 machine in order to re-create their machine accounts? A migration utility or set of server-side steps perhaps? ...geoff
Maybe Matching Threads
- Win2K Machine Accounts No Longer Valid after Samba PD C Upgrade (2.2.2 to 2.2.8a)
- Win2k joining Samba 2.2.2 domain.
- Problem with Samba 2.2.8a PDC and Win2k Pro clients...
- very slow link between Win2k SP4 and Linux samba server (2.2.8a)
- Win2k -> Samba 2.2.2 for IRIX