samba - Jul 2004 - RE : Samba as a PDC / Windows NT 4 SP6a as a BDC

Are you sure of that ? I thought it was possible...
 
If it is not, I've got another slightly off topic question : how to I demote
my former Windows NT PDC (that is now a BDC) to a normal Windows NT server, so
that I have no problem with it ?
 
Thanks in advance.

	-------- Message d'origine-------- 
	De: Umberto Zanatta [mailto:uzanatta@provincia.treviso.it] 
	Date: lun. 26/07/2004 14:09 
	?: Julien Bordet 
	Cc: samba@lists.samba.org 
	Objet: Re: [Samba] Samba as a PDC / Windows NT 4 SP6a as a BDC
	
	
	You can't do it!
	
	Samba won't be a BDC for NT and viceversa.
	
	maybe, you should wait samba 4.0.
	
	Il lun, 2004-07-26 alle 13:05, Julien Bordet ha scritto: 

		Hi every body,
		 
		As you may have guessed, I've got a problem ;)
		 
		What I had :
		 
		   - A PDC Server (Windows NT 4 SP 6a), called SERVER1, for the domain TEST
		   - A BDC Server (Windows NT 4 SP 6a), called SERVER2, for the domain TEST
		 
		Everything was working fine.
		 
		Now I switched my NT PDC to a Samba PDC, and I make SERVER1 a BDC for the
domain. Until now, no problem. I use samba 3.0.4, connected to OpenLDAP thanks
to the ldapsam method.
		 
		However, after promoting Samba to be the PDC, it seems that none of the two
BDC (SERVER1 and SERVER2) can synchronize SAM, LSA and BUILTIN databases from
SAMBA.
		 
		So I can logon with any user/password that existed before the migration, but
cannot add any new account on the SAMBA/LDA Server. I've got a password
error when trying to log in.
		 
		On both servers, I have the following error :
		 
		Event ID 5718
		The full synchronization replication of the LSA database from the primary
domain controller servername failed with the following error: Procedure number
out of range.
		 
		I've successfully tried to establishe a secure channel from the BDC, with
the netdomain command
		 
		
		NETDOM BDC SERVER1 /SYNC
		
		However, trying to force a synchronization returns :
		
		C:\ntreskit>nltest /BDC_QUERY:TEST
		Server : \\SERVER1
		        SyncState :  REPLICATION_IN_PROGRESS
		        ConnectionState : Status = 1745 0x6d1 RPC_S_PROCNUM_OUT_OF_RANGE
		The command completed successfully
		
		The error message here corresponds to the message of the event viewer.
		
		Have anyone of you seem anything like that before ?
		
		I've search both the microsoft support site and the samba mailing list
archive, but without success.
		
		Many thanks for your help. 
		
		 
		
		Julien
		
		 
		
		
		
		Here is my smb.conf :
		
		 
		
		[Global]
		workgroup = TEST
		netbios name = SAMBA
		server string = SAMBA-LDAP
		username map = /etc/samba/smbusers
		encrypt passwords = yes
		interfaces = 172.16.0.115/16
		
		domain logons = Yes
		os level = 65
		domain master = Yes
		local master = No
		security = user
		wins support = Yes
		
		passdb backend = ldapsam:ldap://localhost
		ldap admin dn = "cn=samba,ou=DSA,dc=testdomain,dc=fr"
		ldap ssl = off
		ldap delete dn = yes
		ldap user suffix = ou=Utilisateurs
		ldap group suffix = ou=Groupes
		ldap machine suffix = ou=Machines
		ldap suffix = dc=testdomain,dc=fr
		ldap idmap suffix = ou=Users
		ldap passwd sync = yes
		
		Dos charset = 850
		Unix charset = ISO8859-1
		
		log level = 99
		log file = /var/log/samba/%m.log
		max log size = 100000
		time server = Yes
		socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
		
		logon script = logon.bat
		logon drive = H:
		logon home 		logon path 		
		add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
		add user script = /usr/local/sbin/smbldap-useradd -m "%u"
		add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
		add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u"
"%g"
		delete user from group script = /usr/local/sbin/smbldap-groupmod -x
"%u" "%g"
		set primary group script = /usr/local/sbin/smbldap-usermod -g "%g"
"%u"
		
		[homes]
		comment = R?pertoires utilisateurs
		valid users = %U
		read only = No
		create mask = 0664
		directory mask = 0775
		browseable = No
		
		[netlogon]
		path = /var/lib/samba/netlogon
		browseable = No
		read only = Yes
		
		
		 
		
		
		
  _____  

		-- 
		To unsubscribe from this list go to the following URL and read the
		instructions:  http://lists.samba.org/mailman/listinfo/samba
<http://lists.samba.org/mailman/listinfo/samba>

	
_______________________
Umberto Zanatta
linuxDidattica

tel: +39 (335) 54 71 385
email: umberto.z@tin.it
web: http://linuxdidattica.org
_______________________

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 26 July 2004 08:41 am, Julien Bordet wrote:
| Are you sure of that ? I thought it was possible...

Not possible via Samba at all.  There is no SAM synchronization between 
Samba and Microsoft Windows DCs.

|
| If it is not, I've got another slightly off topic question : how to I
| demote my former Windows NT PDC (that is now a BDC) to a normal
| Windows NT server, so that I have no problem with it ?

Microsoft says you must reinstall NT4, but many have used a product 
called UPromote successfully that will do this for you.  See 
http://utools.com/UPromote.asp.

Good luck,
Mark

- -- 
_____________________________________________
A Message From...  L. Mark Stone

Reliable Networks of Maine, LLC
477 Congress Street, 5th Floor
Portland, ME 04101
Tel: (207) 772-5678
Web: http://www.RNoME.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQFBBQ292cQw/ayGE2gRAt1tAJ9x6ZRG/ovxY9OtaeU+CYJSMMTDOQCeO9vE
9yy9DRt3fXyL+TdmHgV6tWs=B/Rq
-----END PGP SIGNATURE-----

> Not possible via Samba at all.  There is no SAM synchronization between
> Samba and Microsoft Windows DCs.
OK. I think I've observed that by myself ;) ;)
> Microsoft says you must reinstall NT4, but many have used a product
> called UPromote successfully that will do this for you.  See
> http://utools.com/UPromote.asp <http://utools.com/UPromote.asp> .
Yes, my search have just lead me to that soft. I'll give a try.

Many thanks for your help.

Kind regards

 

Julien




 


	-------- Message d'origine-------- 
	De: L. Mark Stone [mailto:LMStone@RNoME.com] 
	Date: lun. 26/07/2004 15:57 
	?: samba@lists.samba.org 
	Cc: 
	Objet: Re: [Samba] Samba as a PDC / Windows NT 4 SP6a as a BDC
	
	

	-----BEGIN PGP SIGNED MESSAGE-----
	Hash: SHA1
	
	On Monday 26 July 2004 08:41 am, Julien Bordet wrote:
	| Are you sure of that ? I thought it was possible...
	
	Not possible via Samba at all.  There is no SAM synchronization between
	Samba and Microsoft Windows DCs.
	
	|
	| If it is not, I've got another slightly off topic question : how to I
	| demote my former Windows NT PDC (that is now a BDC) to a normal
	| Windows NT server, so that I have no problem with it ?
	
	Microsoft says you must reinstall NT4, but many have used a product
	called UPromote successfully that will do this for you.  See
	http://utools.com/UPromote.asp.
	
	Good luck,
	Mark
	
	- --
	_____________________________________________
	A Message From...  L. Mark Stone
	
	Reliable Networks of Maine, LLC
	477 Congress Street, 5th Floor
	Portland, ME 04101
	Tel: (207) 772-5678
	Web: http://www.RNoME.com
	
	-----BEGIN PGP SIGNATURE-----
	Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
	
	iD8DBQFBBQ292cQw/ayGE2gRAt1tAJ9x6ZRG/ovxY9OtaeU+CYJSMMTDOQCeO9vE
	9yy9DRt3fXyL+TdmHgV6tWs	=B/Rq
	-----END PGP SIGNATURE-----
	--
	To unsubscribe from this list go to the following URL and read the
	instructions:  http://lists.samba.org/mailman/listinfo/samba

Try this link:

http://is-it-true.org/nt/registry/rtips94.shtml

did work for me

best regards

Andreas

Julien Bordet schrieb:
>  
> If it is not, I've got another slightly off topic question : how to I
demote my former Windows NT PDC (that is now a BDC) to a normal Windows NT
server, so that I have no problem with it ?
>