Hi, Recently we changed our samba server to a bigger and more powerful system ( centos 5.2 ) The config file and smbpasswd and other passwd and group files were copied to the new server and it then assumed the same identity as the old one in the dns and ip address. It seems to have gone very well except we now seem to have a problem. There are windows XP workstations that were domain joined to the old server and now connect well to the new one. But if you try to login on one of these workstations with an ID that was not logged onto it previously it does not authenticate. The solution is to unjoin and then rejoin the workstation but there are a lot of them and we don't want to do that. Also it seems that this situation has arisen just recently and was working before on the new server and so I am wondering what could have happened earlier this week. If anyone can shed some light on this I would appreciate it. Our server version is Version 3.0.28-1.el5_2.1 Bill
> If anyone can shed some light on this I would appreciate it.Is the old server still running? I've seen clients connect to an old DC and change their machine account passwords with that server in a similar scenario.. Alex -- Alex Harrington - Network Development Manager Longhill High School t: 01273 391672 e: alex@longhill.org.uk
Bill Szkotnicki wrote:> Hi, > Recently we changed our samba server to a bigger and more powerful system ( centos 5.2 ) > The config file and smbpasswd and other passwd and group files were copied to the new server and it then assumed the same identity as the old one in the dns and ip address. > It seems to have gone very well except we now seem to have a problem. > There are windows XP workstations that were domain joined to the old server > and now connect well to the new one. > But if you try to login on one of these workstations with an ID that was not logged onto it previously it does not authenticate. > The solution is to unjoin and then rejoin the workstation but there are a lot of them and we don't want to do that. > Also it seems that this situation has arisen just recently and was working before on the new server and so I am wondering what could have happened earlier this week. >That info is held in the *.tdb files. Centos stores them in /var/cache/samba/. If the old & new server are both Centos, just copy them over from the old box. Stop samba first, make a backup copy - just in case, restart samba. The machines that you've rejoined to the new box will need to be rejoined again, but all others should be ok. The SID-to-UID mappings are in the tdb files too - it would probably be best to have all PCs reboot after the update - rejoin as needed. If the distros are different I think the tdb files are compatible, but I'm not sure. -- tkb
Bill Szkotnicki wrote:> Toby, > > I guess I am close to giving up on this but thank you for the suggestions. > We are going to discuss the logistics of rejoining all of the windows XP > machines that need to have more than one id logging on. > Do you know anything about profiles? > I want to run the logon.bat file but I do not want the server to provide > a profile ( see my config below ) > Is it possible to do this without having to set the windows XP profiles > off with gpedit.msc? > > logon script = netlogon.bat > logon drive = H: > logon path > domain logons = Yes > domain master = Yes > preferred master = Yes > os level = 255 > wins support = Yes > name resolve order = wins lmhosts >I've never messed with roaming or server stored profiles, so I can't tell you this is the right way to disable them. I set logon script = netlogon.bat, stored the script in the netlogon share, assigned "logon drive = " and "logon path = ", drive mounts are handled in the logon script. The logon script section in the smb.conf man page has more details. The profiles stay local to the machine from the onset this way, we set no local policy or registry settings regarding profiles. Users normally only logon to their own PC, we backup the local profiles through a separate process. -- tkb