We built a new server running Samba 3.0.23c and configured it to replace our corporate PDC that was running Samba 3.0.7. The PDC uses tdbsam and has the "admin users" directive defined. All user accounts were copied to the new server. Using the output of "net groupmap list" from the old server we mapped the windows accounts and SIDs to their unix group counterparts on the new server. When we started using the new server we experienced some problems, users could log in to the domain and access samba shares but not could not access windows shares on the domain. Also our Domain Admins had a uid of 0 as expected but could not perform administrative duties on pc domain members. We downgraded the system to samba version 3.0.21b and got it running properly performing the same steps. We would still like to upgrade to 3.0.24 though. Does anybody have an idea of what went wrong with our upgrade? Can anyone offer tips or instructions on how to upgrade from 3.0.21b to 3.0.24? Thanks, Gary
Felipe Augusto van de Wiel
2007-Feb-09 14:26 UTC
[Samba] Migrating from 3.0.7 to 3.0.23c problems
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/08/2007 05:03 PM, Gary Martin wrote:> We built a new server running Samba 3.0.23c and configured it to replace > our corporate PDC that was running Samba 3.0.7. The PDC uses tdbsam and > has the "admin users" directive defined. All user accounts were copied > to the new server. Using the output of "net groupmap list" from the old > server we mapped the windows accounts and SIDs to their unix group > counterparts on the new server. When we started using the new server we > experienced some problems, users could log in to the domain and access > samba shares but not could not access windows shares on the domain. > Also our Domain Admins had a uid of 0 as expected but could not perform > administrative duties on pc domain members. We downgraded the system to > samba version 3.0.21b and got it running properly performing the same > steps. We would still like to upgrade to 3.0.24 though. Does anybody > have an idea of what went wrong with our upgrade? Can anyone offer tips > or instructions on how to upgrade from 3.0.21b to 3.0.24?Did you check the Release Notes and WHATSNEW? There are a few changes between 3.0.21 and 3.0.24 that impacts the way that groups are handled. In our setup, we add users in Domain Admins group and that's enough to let them do administrative tasks on the clients, we also did the 'net rpc rights' to the Domain Admins group, considering that, we don't need 0-uid users. After 3.0.8 and 3.0.14 there are some changes in the way groups are handled and also other important changes on how Samba checks permissions and control access. Perhaps you could post your smb.conf and some logs so we can try to help you find out what are the missing points.> Thanks, > GaryKind regards, - -- Felipe Augusto van de Wiel <felipe@paranacidade.org.br> Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFzIR7Cj65ZxU4gPQRAqN+AJ9dz4YVUGC26fH5AIdhv4ihHCZywgCgmlRk cKsOiviZYgwC/aAf7UJ4MII=Vr4+ -----END PGP SIGNATURE-----
Possibly Parallel Threads
- Samba 3.0.23c-1.fc5 problem - groups
- Multiple Group checking using ntlm_auth
- Samba 3.0.23c compatibility with openldap versions
- problems adding a computer to LDAP domain in 3.0.23c
- samba in centos 4.4: samba-3.0.10-1.4E.9 versus the latest from sernet samba3-3.0.23c-30