Jeferee
2003-Nov-07 07:30 UTC
[Samba] Samba 2.2 -> 3.0.0 upgrade: questions + Internet Connection Wizard / Identities
Hello,

I just upgraded from Samba 2.2.7 to Samba 3.0.0 on RedHat 9. I did this by uninstalling the 2.2.7 samba RPMs and then applying the Samba 3.0.0 RPM from samba.org, then putting my local changes back into smb.conf. I have also migrated my smb users from smbpasswd to tdbsam with the pdbedit utility as discussed in the HOWTO.

It seems I have to rejoin my client boxes (windows 2000 pro) to the domain in order to log in, and then I have to blow away my local users on each client machine to allow the roving profiles to be reloaded at login.

Also, I have had to add the following to my smb.conf file to use tdbsam successfully.

    logon home = \\%L\%U
    logon path = \\%L\%U\profile

I had to do this in order to get the correct string to come up in pdbedit -Lv for the "Home Directory" and "Profile Path" variables (the defaults caused %N to show in place of the server name) - when I used 'smbpasswd' as the backend pdbedit -Lv showed proper values and things worked OK.

I also had to mess around a bit with 'net groupmap' modify/list to get the standard Windows groups to map properly to UNIX groups, as discussed in the HOWTO. These seemed to work fine under 2.2.7.

Everything seems to work OK now, except for the following problems. Can anyone tell me what I did wrong upgrading with respect to the following 3 issues:

1) I have to rejoin each client Windows 2000 box to the domain or logins fail (says the client is not in the domain) - did the machines' SIDs change for some reason? Server SID?

2) I have to blow away local roving profiles, then log in to get the roving profiles to reload from the server - error says the profile for that user already exists on the server, but has the 'wrong security'. Loads temp settings. SID problem?

3) After rejoining and reloading, regular Domain Users do not have the ability to change their Internet Connection Settings - The "Internet Connection Wizard" icon recreates at each login, and when the user tries to access it, they get an access denied error. Changes to internet settings from IE are not recorded, and it complains about 'no identities'. The users are properly listed in the "Domain Users" group. If I put the user (or Domain Users) in the Administrator group on the client boxes, he successfully gets his previously set settings (home page, etc) at login.

Thank you, and great job on 3.0!

Jeff Jones
John H Terpstra
2003-Nov-07 09:15 UTC
[Samba] Samba 2.2 -> 3.0.0 upgrade: questions + Internet Connection Wizard / Identities
On Thu, 6 Nov 2003, Jeferee wrote:

> Hello,
>
> I just upgraded from Samba 2.2.7 to Samba 3.0.0 on RedHat 9. I did this
> by uninstalling the 2.2.7 samba RPMs and then applying the Samba 3.0.0
> RPM from samba.org, then putting my local changes back into smb.conf.
> I have also migrated my smb users from smbpasswd to tdbsam with the
> pdbedit utility as discussed in the HOWTO.
>
> It seems I have to rejoin my client boxes (windows 2000 pro) to the
> domain in order to log in, and then I have to blow away my local users
> on each client machine to allow the roving profiles to be reloaded at
> login.
>
> Also, I have had to add the following to my smb.conf file to use tdbsam
> successfully.
>
> logon home = \\%L\%U
> logon path = \\%L\%U\profile
>
> I had to do this in order to get the correct string to come up in
> pdbedit -Lv for the "Home Directory" and "Profile Path" variables (the
> defaults caused %N to show in place of the server name) - when I used
> 'smbpasswd' as the backend pdbedit -Lv showed proper values and things
> worked OK.
>
> I also had to mess around a bit with 'net groupmap' modify/list to get
> the standard Windows groups to map properly to UNIX groups, as discussed
> in the HOWTO. These seemed to work fine under 2.2.7.
>
> Everything seems to work OK now, except for the following problems.
> Can anyone tell me what I did wrong upgrading with respect to the
> following 3 issues:
>
> 1) I have to rejoin each client Windows 2000 box to the domain or logins
> fail (says the client is not in the domain) - did the machines' SIDs
> change for some reason? Server SID?

Yes. You should have saved the Domain SID before migration, then restored it on Samba-3 using the net utility. That way your clients would have been quite happy.

>
> 2) I have to blow away local roving profiles, then log in to get the
> roving profiles to reload from the server - error says the profile for
> that user already exists on the server, but has the 'wrong security'.
> Loads temp settings. SID problem?

Correct. See comment for Q1.

>
> 3) After rejoining and reloading, regular Domain Users do not have the
> ability to change their Internet Connection Settings - The "Internet
> Connection Wizard" icon recreates at each login, and when the user tries
> to access it, they get an access denied error. Changes to internet
> settings from IE are not recorded, and it complains about 'no
> identities'. The users are properly listed in the "Domain Users" group.
> If I put the user (or Domain Users) in the Administrator group on the
> client boxes, he successfully gets his previously set settings (home
> page, etc) at login.

Yes. Correct.

> Thank you, and great job on 3.0!

Glad to hear that the documentation was useful. Want to send me any updates for it?

Cheers,
John T.

--
John H Terpstra
Email: jht@samba.org
McKeever Chris
2003-Nov-07 23:01 UTC
[Samba] Samba 2.2 -> 3.0.0 upgrade: questions + Internet Connection Wizard / Identities
On Fri, 7 Nov 2003 10:38, Jeff Jones <jeferee@hotmail.com> sent:

>> Yes. You should have saved the Domain SID before migration, then restored
>> it on Samba-3 using the net utility. That way your clients would have been
>> quite happy.
>
>Ah, ok. Is there a document explaining how to save and restore the SID? I
>saved the contents of /etc/samba before performing the upgrade. Can I still
>extract the SID and restore it into my Samba 3? I still have some client
>boxes I haven't joined to the new domain.
>
>Is there any other way, at this point, to allow my domain users write access
>to their identities / accounts without them being administrators? A way of
>moving forward with my new SID?

If you still have the old /etc/samba/secret.tdb file, you can grab the SID out of that.

>
>Why isn't Windows allowing the users access to their internet settings /
>identities, even though they're in the new domain and the users' profiles
>have been reloaded from the server? Is there any way to fix it?
>
>Thanks again,
>Jeff

----
Prudential Preferred Properties
www.prupref.com
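
Added example, not part of the thread or of Samba's own code: decoding a saved binary SID record into the S-1-5-21-... string that `net setlocalsid` accepts, and checking whether an account SID left on an old profile still belongs to the current domain SID. The record layout (little-endian sub-authorities, zero padding after them), all function names and all sample values are assumptions constructed for illustration.

```python
import struct

def decode_sid(raw: bytes) -> str:
    """Decode a binary SID into S-R-A-s1-s2... form.

    Layout: 1-byte revision, 1-byte sub-authority count, 6-byte big-endian
    identifier authority, then 32-bit sub-authorities. Little-endian
    sub-authorities and ignorable trailing padding are assumptions here.
    """
    if len(raw) < 8:
        raise ValueError("SID record too short")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15:
        raise ValueError("not a revision-1 SID")
    if len(raw) < 8 + 4 * count:
        raise ValueError("truncated sub-authority list")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, raw, 8)
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def is_domain_sid(sid: str) -> bool:
    """True for the S-1-5-21-a-b-c shape used by domain SIDs."""
    parts = sid.split("-")
    return (len(parts) == 7 and parts[:4] == ["S", "1", "5", "21"]
            and all(p.isdigit() for p in parts[4:]))

def rid_in_domain(account_sid: str, domain_sid: str):
    """Return the RID if account_sid was issued under domain_sid, else None."""
    prefix, _, rid = account_sid.rpartition("-")
    return int(rid) if prefix == domain_sid and rid.isdigit() else None

# Constructed sample data (not taken from the thread).
OLD_RAW = (bytes([1, 4]) + (5).to_bytes(6, "big")
           + struct.pack("<4I", 21, 1111111111, 2222222222, 3333333333)
           + bytes(44))  # zero padding after the used sub-authorities
OLD_SID = decode_sid(OLD_RAW)
NEW_SID = "S-1-5-21-123456789-234567890-345678901"  # SID generated after upgrade
PROFILE_OWNER = OLD_SID + "-1001"  # owner SID left on a pre-upgrade profile

if __name__ == "__main__":
    print("old domain SID:", OLD_SID, "valid:", is_domain_sid(OLD_SID))
    print("profile owner under new SID:", rid_in_domain(PROFILE_OWNER, NEW_SID))
    print("profile owner under old SID:", rid_in_domain(PROFILE_OWNER, OLD_SID))
    print("restore with: net setlocalsid", OLD_SID)
```

An account SID that resolves under the old domain SID but not the new one matches the symptoms in questions 1 and 2: the client and the stored profile still reference the pre-upgrade domain.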