samba-users August 2010 archive
Main Archive Page > Month Archives  > samba-users archives
samba-users: Re: [Samba] Migrating samba domain to new computer.

Re: [Samba] Migrating samba domain to new computer.

From: John McMonagle <johnm_at_nospam>
Date: Fri Aug 27 2010 - 18:56:05 GMT

How about some more specific problems.

noticed that there is no localsid.
net getlocalsid
[2010/08/27 13:48:15, 0] utils/net.c:net_getlocalsid(708)
  Can't fetch domain SID for name: OSHKOSH

I have seen mention that the localsid should be the same as the domainsid
when using ldap.
Is that true?

Seen comments that the user sid for the administrator must end with -500.
Is that true?
Mine is not. it will be painfull to change but I can deal with it.



On Thursday 26 August 2010 02:44:51 pm John McMonagle wrote:
> Should have read this first:
> Problem is I did it the wrong way on a few production systems.
> Odds are this is the second time I did it wrong.
> Running Debian Lenny using smbldap.
> It mostly works.
> Existing members of the domain are working OK.
> The first thing that got my attention is was not able to join a new xp
> workstation to the domain.
> Also noticed that the server is not a member of the domain.
> net rpc testjoin
> [2010/08/26 14:20:26, 0]
> rpc_client/cli_pipe.c:get_schannel_session_key_common(2449)
> get_schannel_session_key: could not fetch trust account password for
> domain 'ADVOCAP'
> [2010/08/26 14:20:26, 0] utils/net_rpc_join.c:net_rpc_join_ok(87)
> net_rpc_join_ok: failed to get schannel session key from server FONDY for
> Join to domain 'ADVOCAP' is not valid: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> Can not join domain:
> net join -U administrator
> Enter administrator's password:
> [2010/08/26 14:25:48, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(349)
> error setting trust account password: NT_STATUS_ACCESS_DENIED
> tdbdump secrets.tdb
> does not show any entry for the server
> Looked at one of the old servers secrets.tdb
> and it did not have and entry for that server either.
> Any suggestions on the best way to fix this?
> John

-- To unsubscribe from this list go to the following URL and read the instructions: