Matthew Western, IT Support, Lonsdale
2004-Aug-19 01:32 UTC
[Samba] Active Directory Migration Tools - breaks samba 2.x.x?
Hi, We are migrating from an NT domain to a 2003 AD and using the migration tools to nicely move the users across. However, we have just realized that a user created manually can see a samba 2.0.6 server no worries, but a user that has been migrated using the Migration Tools gets an access denied. Anybody come across this one before? It's probably some bodj work around from microsoft that they've plonked in to make it work and samba playing by all the normal rules goes 'huh, that's now allowed'. I thought it might be the SID migration option that we have turned on so all the permissions come across nicely but the test user I migrated, with no SID mig, still did the same thing? Anybody had this and figured a fix? I know how to work around it, but each user migration suddenly becomes a headache if I can't use the migration tools..... Thanks Matthew
Paul Gienger
2004-Aug-19 02:01 UTC
[Samba] Active Directory Migration Tools - breaks samba 2.x.x?
Matthew Western, IT Support, Lonsdale wrote:> <>Hi, > > We are migrating from an NT domain to a 2003 AD and using the migration > tools to nicely move the users across. However, we have just realized > that a user created manually can see a samba 2.0.6 server no worries, > but a user that has been migrated using the Migration Tools gets an > access denied.Is this a typo? *2*.0.6? I doubt that an old version of that vintage has any chance with Windows 2003-AD. -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.com mailto: pgienger@ae-solutions.com
Matthew Western, IT Support, Lonsdale
2004-Aug-19 02:03 UTC
[Samba] Active Directory Migration Tools - breaks samba 2.x.x?
OK. Further info. If I don't migrate the SID on a new user it allows access to the box. Now I've gotta figure out how to generate new SIDs for the users already moved across... And test to see if access still works when the SID isn't migrated across.... -----Original Message----- From: Matthew Western, IT Support, Lonsdale Sent: Thursday, 19 August 2004 11:05 AM To: samba@lists.samba.org Subject: [Samba] Active Directory Migration Tools - breaks samba 2.x.x? Hi, We are migrating from an NT domain to a 2003 AD and using the migration tools to nicely move the users across. However, we have just realized that a user created manually can see a samba 2.0.6 server no worries, but a user that has been migrated using the Migration Tools gets an access denied. Anybody come across this one before? It's probably some bodj work around from microsoft that they've plonked in to make it work and samba playing by all the normal rules goes 'huh, that's now allowed'. I thought it might be the SID migration option that we have turned on so all the permissions come across nicely but the test user I migrated, with no SID mig, still did the same thing? Anybody had this and figured a fix? I know how to work around it, but each user migration suddenly becomes a headache if I can't use the migration tools..... Thanks Matthew -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Matthew Western, IT Support, Lonsdale
2004-Aug-19 02:46 UTC
[Samba] Active Directory Migration Tools - breaks samba 2.x.x?
Sadly it's not a typo. I think we've worked around it for the time being. We have to upgrade to 3.x.x anyway to validate off the AD domain. It was the SID migration that was causing it grief. This box is an alpha running HP Unix and samba 2.0.6. can you believe this systems is an in house system that uses both sockets and lots of mapped drives to chuck it's data everywhere. It's a complete nightmare... -----Original Message----- From: Paul Gienger [mailto:pgienger@ae-solutions.com] Sent: Thursday, 19 August 2004 11:31 AM To: Matthew Western, IT Support, Lonsdale Cc: samba@lists.samba.org Subject: Re: [Samba] Active Directory Migration Tools - breaks samba 2.x.x? Matthew Western, IT Support, Lonsdale wrote:> <>Hi, > > We are migrating from an NT domain to a 2003 AD and using the > migration tools to nicely move the users across. However, we have just> realized that a user created manually can see a samba 2.0.6 server no > worries, but a user that has been migrated using the Migration Tools > gets an access denied.Is this a typo? *2*.0.6? I doubt that an old version of that vintage has any chance with Windows 2003-AD. -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.com mailto: pgienger@ae-solutions.com