Hello Samba people,
My goal is to upgrade our Samba 2.2.9 PDC to 3.0.6. 2.2.9 was installed from
an RPM, but 3.0.6 is compiled from source. No special options except
--with-prefix and other location-specific ones. We are using the typical
smbpasswd back-end.
So I have compiled and installed 3.0.6. I have tweaked the smb.conf to
reflect what I believe are the new values for 3.x. The testparm command does
not complain. I will include a dump of the old and new smb.conf files at the
end of the email. Then I made sure that the new server would have an
identical SID to the old one, by using "net setlocalsid
<oldsid>". I then
stopped the old server, started the new one, and I was able to access the
shares right away. I thought I was home-free!
However, when I logged in from SOME of my NT machines, and my only W2K
machine, they were not able to find the user's profile. The profiles are in
the default location (/home/userid/profile). Some NT machines, and the one
XP machine, have no issues finding the profiles. Also, one of my XP users
stopped being able to print. For the other users who could see their
profiles, they could print just find.
I fixed one of the NT machines by specifying the logon path in smb.conf. The
W2K machine would not see the roaming profile, no matter what.
I stopped the 3.0.6 server and restarted 2.2.9, and everyone was happy.
Except that I had to rejoin the W2K machine to the domain.
I must be missing something here, as this upgrade is not going smoothly so
far. Please see the configuration info below:
2.2.9 smb.conf (that works)
------------------------------------------
[global]
workgroup = FURN
netbios name = FURNSRV
server string = Furniture File Server
## LDAP stuff
#ldap admin dn = "cn=Manager,dc=borkholder,dc=com"
#ldap server = ldap.borkholder.com
#ldap ssl = start_tls
#ldap port = 389
#ldap suffix = "ou=people,dc=borkholder,dc=com"
security = user
encrypt passwords = Yes
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authe
ntication*tokens*updated*successfully*
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
log file = /var/log/samba/%m.log
username map = /etc/samba/smbusers
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false
-M %u
logon script = netlogon.bat
logon drive = h:
domain logons = Yes
domain admin group = +admins
os level = 99
dns proxy = No
wins support = Yes
printing = cups
printcap = /etc/printcap
remote announce = 192.168.1.255/FURN
remote browse sync = 192.168.1.255
hide dot files = Yes
inherit permissions = Yes
inherit acls = Yes
machine password timeout = 31449600
[homes]
read only = no
hide dot files = Yes
include = /etc/samba/extra.%m
[Printers]
comment = Printers
path = /var/spool/samba
printable = Yes
browseable = Yes
valid users = +everyone
printer admin = +everyone
public = yes
guest OK = Yes
[netlogon]
path = /home/samba/netlogon
public = yes
read only = yes
write list = +admins
browseable = No
<directory shares snipped>
[root@furnsrv samba]# smbpasswd -X furn
SID for domain furn is: S-1-5-21-383998039-2845272951-4289691644
3.0.6 smb.conf (that exhibits the problem behavior)
-----------------------------------------------
[global]
workgroup = FURN
netbios name = FURNSRV
server string = Furniture File Server
socket address = 192.168.2.3 127.0.0.1
## LDAP stuff
#ldap admin dn = "cn=Manager,dc=borkholder,dc=com"
#ldap server = ldap.borkholder.com
#ldap ssl = start_tls
#ldap port = 389
#ldap suffix = "ou=people,dc=borkholder,dc=com"
security = user
encrypt passwords = Yes
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authe
ntication*tokens*updated*successfully*
smb passwd file = /usr/local/samba/etc/smbpasswd
unix password sync = Yes
log file = /var/log/samba/%m.log
username map = /etc/samba/smbusers
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add machine script = /usr/sbin/useradd -d /dev/null -g 100
-s /bin/false -M %u
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false
-M %u
logon script = netlogon.bat
logon drive = h:
## Added to try to make it find all the profiles all the time
logon path = \\%N\%U\profile
domain logons = Yes
os level = 99
dns proxy = No
wins support = Yes
printing = cups
printcap = /etc/printcap
remote announce = 192.168.1.255/FURN
remote browse sync = 192.168.1.255
remote browse sync = 192.168.1.255
hide dot files = Yes
inherit permissions = Yes
inherit acls = Yes
interfaces = eth0
machine password timeout = 31449600
[homes]
read only = no
hide dot files = Yes
#include = /etc/samba/extra.%m
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = Yes
valid users = +everyone
printer admin = +everyone
public = yes
guest OK = Yes
[netlogon]
path = /home/samba/netlogon
public = yes
read only = yes
write list = +admins
browseable = No
<snipped other shares>
[root@furnsrv bin]# ./net getlocalsid
SID for domain FURNSRV is: S-1-5-21-383998039-2845272951-4289691644
Thanks so much for reading this. If you have any advice for me it would be
greatly greatly appreciated!
Misty
