dahopkins@comcast.net
2006-Sep-21 02:49 UTC
[Samba] LDAP/Samba issues when replacing server
I hope that someone can let me know what I have done wrong.

I need to replace an existing server (server1) with a new server (server2). Server1 is currently running LDAP/Samba (3.0.14). Profiles stored in /opt/samba/profiles.

I installed all of the pieces, and LDAP works (mostly, I have an issue, see below).

I ran net getlocalsid DOMAINNAME on server1 and used the SID value in the net setlocalsid command on the new server.

I then tried to import the old ldif but got errors about existing keys, so deleted the ldap database, and then imported the ldif obtained from server1 without errors.

Checked with net getlocalsid DOMAINNAME that the SID returned was correct. Tried net getlocalsid which returned the same SID but for the local machine name (server2). Finally, net rpc getsid also reports the correct SID as being placed in the secrets.tdb file on server2. (The above is slightly different than on server1 for which net getlocalsid just returned an error about not being able to get the name). The two servers are at different versions of samba though. Old is at 3.0.14, while new is 3.0.23a, so perhaps this is to be expected.

I can log on with any of the Linux LDAP accounts. BUT .... still have issue with Samba. In particular, none of the old profiles are recognized. I tried both nfs mounting /opt/samba to server1:/opt/samba as well as copying all of /opt/samba to the new server. When I log onto a Windows TS new profiles are created, which is an issue since there are a couple of packages that have to be customized. In particular, every student has a TTL3.ini file in their WINDOWS directory (e.g. /home/student01/WINDOWS/TTL3.ini). With the old server, this file directory is recognized and the ini settings are applied. With the new server they are not.

Additionally, on the Linux system, su - student01 just hangs. Same with any account.

Similarly, running

passwd dahopkins returns

Changing password for user dahopkins.
passwd: Authentication token manipulation error

I guess things just aren't quite right yet. :0

So, can someone point me in a direction or offer a reason why the new server does not look the same to the Windows Terminal Server as far as account profiles are concerned?

Thanks,
Dave Hopkins
Newark Charter School
Newark Delaware
Felipe Augusto van de Wiel
2006-Sep-29 15:35 UTC
[Samba] LDAP/Samba issues when replacing server
On 09/20/2006 11:48 PM, dahopkins@comcast.net wrote:

> I hope that someone can let me know what I have done wrong.
>
> I need to replace an existing server (server1) with a new
> server (server2). Server1 is currently running LDAP/Samba
> (3.0.14). Profiles stored in /opt/samba/profiles
>
> I installed all of the pieces, and LDAP works (mostly, I
> have an issue, see below)
>
> I ran net getlocalsid DOMAINNAME on server1
> used the SID value in net setlocalsid command on the new
> server.
>
> I then tried to import the old ldif but got errors about
> existing keys, so deleted the ldap database, and then
> imported the ldif obtained from server1 without errors.
>
> Checked with net getlocalsid DOMAINNAME that the SID
> returned was correct. Tried net getlocalsid which
> returned the same SID but for the local machine name
> (server2). Finally, net rpc getsid also reports the
> correct SID as being placed in the secrets.tdb file
> on server2. (The above is slightly different than on
> server1 for which net getlocalsid just returned an
> error about not being able to get the name). The two
> servers are at different versions of samba though.
> Old is at 3.0.14, while new is 3.0.23a, so perhaps this
> is to be expected.
>
> I can log on with any of the Linux LDAP accounts. BUT ....
> still have issue with Samba. In particular, none of
> the old profiles are recognized. I tried both nfs
> mounting /opt/samba to server1:/opt/samba as well as
> copying all of /opt/samba to the new server. When I
> log onto a Windows TS new profiles are created which
> is an issue since there are a couple of packages that
> have to be customized. In particular, every student
> has a TTL3.ini file in their WINDOWS directory (e.g.
> /home/student01/WINDOWS/TTL3.ini) With the old
> server, this file directory is recognized and the
> ini settings are applied. With the new server they
> are not.

Did you copy the relevant tdb files?

> Additionally, on the Linux system, su - student01
> just hangs. Same with any account.
>
> Similarly, running
>
> passwd dahopkins returns
>
> Changing password for user dahopkins.
> passwd: Authentication token manipulation error

Did you run 'smbpasswd -w' to store the LDAP password?

> I guess things just aren't quite right yet. :0
>
> So, can someone point me direction or offer a reason
> why the new server does not look the same to the Windows
> Terminal Server as far as account profiles are concerned?

Looks like not everything was backed up and restored on the new server, and there are a few missing points.

> Thanks,
> Dave Hopkins
> Newark Charter School
> Newark Delaware

Kind regards,
-- 
Felipe Augusto van de Wiel <felipe@paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/
Phone: (+55 41 3350 3300)
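One consistency check relevant to the migration described in this thread, as an added example that is not part of either post: after `net setlocalsid` and the LDIF import, every `sambaSID` in the directory should be the domain SID or the domain SID plus a RID. The SIDs, the `dc=example,dc=org` suffix, the RIDs and the `net getlocalsid` output line are constructed sample data, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed output in the style of `net getlocalsid DOMAINNAME` on the new server.
SAMPLE_NET_OUTPUT='SID for domain DOMAINNAME is: S-1-5-21-1111111111-2222222222-3333333333'

# Constructed excerpt of an LDIF export (assumed suffix dc=example,dc=org).
SAMPLE_LDIF='dn: sambaDomainName=DOMAINNAME,dc=example,dc=org
objectClass: sambaDomain
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: uid=student01,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3002

dn: uid=student02,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
sambaSID: S-1-5-21-9999999999-2222222222-3333333333-3004
'

# Pull the SID out of `net getlocalsid` style output read from stdin.
extract_sid() {
    sed -n 's/^SID for domain .* is: \(S-1-[0-9-]*\)$/\1/p'
}

# Read LDIF on stdin; print the dn of each entry whose sambaSID is neither the
# domain SID ($1) nor "<domain SID>-<RID>". Builtin S-1-5-32-* SIDs are skipped.
mismatched_entries() {
    awk -v sid="$1" '
        BEGIN { RS = ""; FS = "\n" }   # one LDIF entry per record
        {
            dn = ""; s = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^dn: /)       dn = substr($i, 5)
                if ($i ~ /^sambaSID: /) s  = substr($i, 11)
            }
            if (s == "" || s == sid || s ~ /^S-1-5-32-/) next
            rid = substr(s, length(sid) + 2)
            if (index(s, sid "-") == 1 && rid ~ /^[0-9]+$/) next
            print dn
        }'
}

# Run the check over the constructed samples.
check_sample() {
    printf '%s' "$SAMPLE_LDIF" |
        mismatched_entries "$(printf '%s\n' "$SAMPLE_NET_OUTPUT" | extract_sid)"
}

check_sample
```

On a real server the two inputs would be the output of `net getlocalsid DOMAINNAME` and the exported LDIF file; folded LDIF lines and base64-encoded DNs are not handled by this sketch.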