samba - Feb 2007 - Migrating from 3.0.7 to 3.0.23c problems

We built a new server running Samba 3.0.23c and configured it to replace
our corporate PDC that was running Samba 3.0.7.  The PDC uses tdbsam and
has the "admin users" directive defined.  All user accounts were
copied
to the new server.  Using the output of "net groupmap list" from the
old
server we mapped the windows accounts and SIDs to their unix group
counterparts on the new server.  When we started using the new server we
experienced some problems, users could log in to the domain and access
samba shares but not could not access windows shares on the domain.
Also our Domain Admins had a uid of 0 as expected but could not perform
administrative duties on pc domain members.  We downgraded the system to
samba version 3.0.21b and got it running properly performing the same
steps.  We would still like to upgrade to 3.0.24 though.  Does anybody
have an idea of what went wrong with our upgrade?  Can anyone offer tips
or instructions on how to upgrade from 3.0.21b to 3.0.24?

Thanks,

Gary

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/08/2007 05:03 PM, Gary Martin wrote:
> We built a new server running Samba 3.0.23c and configured it to replace
> our corporate PDC that was running Samba 3.0.7.  The PDC uses tdbsam and
> has the "admin users" directive defined.  All user accounts were
copied
> to the new server.  Using the output of "net groupmap list" from
the old
> server we mapped the windows accounts and SIDs to their unix group
> counterparts on the new server.  When we started using the new server we
> experienced some problems, users could log in to the domain and access
> samba shares but not could not access windows shares on the domain.
> Also our Domain Admins had a uid of 0 as expected but could not perform
> administrative duties on pc domain members.  We downgraded the system to
> samba version 3.0.21b and got it running properly performing the same
> steps.  We would still like to upgrade to 3.0.24 though.  Does anybody
> have an idea of what went wrong with our upgrade?  Can anyone offer tips
> or instructions on how to upgrade from 3.0.21b to 3.0.24?
	Did you check the Release Notes and WHATSNEW?  There are
a few changes between 3.0.21 and 3.0.24 that impacts the way that
groups are handled.

	In our setup, we add users in Domain Admins group and
that's enough to let them do administrative tasks on the clients,
we also did the 'net rpc rights' to the Domain Admins group,
considering that, we don't need 0-uid users.

	After 3.0.8 and 3.0.14 there are some changes in the
way groups are handled and also other important changes on how
Samba checks permissions and control access.

	Perhaps you could post your smb.conf and some logs so
we can try to help you find out what are the missing points.

> Thanks,
> Gary
	Kind regards,

- --
Felipe Augusto van de Wiel <felipe@paranacidade.org.br>
Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFzIR7Cj65ZxU4gPQRAqN+AJ9dz4YVUGC26fH5AIdhv4ihHCZywgCgmlRk
cKsOiviZYgwC/aAf7UJ4MII=Vr4+
-----END PGP SIGNATURE-----