Nathaniel Grier
2004-Jul-13 04:44 UTC
[Samba] Migrating from a WinNT 4 PDC to Samba 3 PDC Troubles
Hi, I've been in the process of attempting a transition from our current NT 4.0 PDC to Samba 3.0.4 on linux (Debian running the 2.4.18 kernel). I can get the smbd/nmbd up and running just fine and configure them by hand or with SWAT and the changes are saved. I've been following the HOWTO's and get stuck at the net rpc vampire step: I am able to join the linux machine, call it SERVER2, successfully to the domain, DOM. However, when I call 'net rpc vampire -S SERVER1 -U Administrator%secret' I get the error that my current domain and that of the server are incompatible: Your current domain SERVER2 (SID:xxxx) does not match the server's domain DOM (SID:xxx). (Sorry, I'm paraphrasing the error output as I'm at home and don't have it in front of me, but it's quite straightforward and contains no more useful information than that.) So even though it says that I've join the domain DOM, it still thinks I'm in some domain with the name of the machine SERVER2. I've checked (as per the error message) that the smb.conf has the workgroup = DOM security = user Also, if I run pdbedit -Lv it reports that the current domain is SERVER2 rather than DOM. Running net rpc setsid DOM simply adds the SID of the domain to secrets.tdb but doesn't switch its insistence of SERVER2 being the domain rather than DOM. A call to net rpc testjoin says things are AOK & that I'm in the domain DOM. Running net setlocalsid SERVER2 SID of DOM changes the SID of the SERVER2 domain to be the same as the of DOM, but just causes authentication errors when running net rpc vampire as it still thinks that the domains have different names. Any suggestions as to how to resolve this problem would be most appreciated. I'm guessing a way to simply reset the name of the domain it thinks its in would work, but having not worked much with 3.0, I'm not sure. (I've used 2.2, but it's been a while since I've set one up and not in as large a network environment.) Thanks so much, Nathaniel Grier
Craig White
2004-Jul-13 05:46 UTC
[Samba] Migrating from a WinNT 4 PDC to Samba 3 PDC Troubles
On Mon, 2004-07-12 at 21:35, Nathaniel Grier wrote:> Hi, > > I've been in the process of attempting a transition from our current NT 4.0 > PDC to Samba 3.0.4 on linux (Debian running the 2.4.18 kernel). I can get > the smbd/nmbd up and running just fine and configure them by hand or with > SWAT and the changes are saved. > > I've been following the HOWTO's and get stuck at the net rpc vampire step: > I am able to join the linux machine, call it SERVER2, successfully to the > domain, DOM. However, when I call 'net rpc vampire -S SERVER1 -U > Administrator%secret' I get the error that my current domain and that of > the server are incompatible: > Your current domain SERVER2 (SID:xxxx) does not match the server's domain > DOM (SID:xxx). > > (Sorry, I'm paraphrasing the error output as I'm at home and don't have it > in front of me, but it's quite straightforward and contains no more useful > information than that.) > So even though it says that I've join the domain DOM, it still thinks I'm > in some domain with the name of the machine SERVER2. I've checked (as per > the error message) that the smb.conf has the > workgroup = DOM > security = user > > Also, if I run pdbedit -Lv it reports that the current domain is SERVER2 > rather than DOM. Running net rpc setsid DOM simply adds the SID of the > domain to secrets.tdb but doesn't switch its insistence of SERVER2 being > the domain rather than DOM. A call to net rpc testjoin says things are AOK > & that I'm in the domain DOM. Running net setlocalsid SERVER2 SID of DOM > changes the SID of the SERVER2 domain to be the same as the of DOM, but > just causes authentication errors when running net rpc vampire as it still > thinks that the domains have different names. > > Any suggestions as to how to resolve this problem would be most > appreciated. I'm guessing a way to simply reset the name of the domain it > thinks its in would work, but having not worked much with 3.0, I'm not > sure. (I've used 2.2, but it's been a while since I've set one up and not > in as large a network environment.)---- before running net rpc vampire command you need to set samba up as it were like a BDC and join the domain. BDC looks something like this... security = domain domain master = yes preferred master = no smbpasswd -j DOMAIN -r PDC_OF_DOMAIN -U Administrator%password net setlocalsid SID where SID is the SID of the existing NT4 domain but possibly the net rpc vampire sucks that in (I don't remember) Hope this helps Craig