[Samba] How to copy roaming profiles to new server ? ("Group policy client service failed. The logon access is denied")

Rowland Penny rowlandpenny at googlemail.com
Tue Dec 9 04:41:11 MST 2014


On 09/12/14 11:22, Denis BUCHER wrote:
>   
>
> Dear Marc, Dear Rowland,
>
> Le 08.12.2014 23:01, Marc Muehlfeld a écrit :
>
>> Am 08.12.2014 um 22:55 schrieb Rowland Penny:
>>
>>> Hi, it sounds very much like a SID problem to me. The user 'Fred' with
>>> the SID-RID 'S-1-5-21-4036476082-4153129556-3089177936-1005' is **NOT**
>>> the same user as 'Fred' with the SID-RID
>>> 'S-1-5-21-2025076216-3455336656-3842161122-1005'. You need to change the
>>> domain SID on the new PDC to match the SID on the Windows machines.
>> Denis, is this a _new domain_ (with the same name)? Or just a _new
>> server_ where you placed the profiles. If it's a _new domain_, then
>> Rowland is surely right and it is an SID problem. But you talked about a
>> _new server_. Please be more clear about your environment.
>> Regards,
>> Marc
> Yes, you're right, I must clarify a little more on this point:
>
> You were right, what we *WANT* to do is simply to replace the old PDC
> under Samba 3 by the new PDC under Samba 4. (Simply a new server). But
> what we *DID*, is in fact to configure a _new domain_ with the same
> name.
>
> Therefore, I agree that the problem is SID related, and if I
> understand you correctly, this is the wrong way to do it! We should
> instead configure a new server with same domain, right?
>
> Thank you very much for your appreciated help,
>
> Best regards,
>
> Denis
>   

OK, if you just want to have a new replacement PDC, you need to:

A) Install your OS of choice
B) Install samba4
C) Get the Domain SID from your old PDC
D) Use your old smb.conf as a template for your new one, checking that 
all the old lines are still valid, refer to 'man smb.conf'. If you have 
a 'socket options' line in your old conf file, remove it; you are 
likely to be making things worse.
E) Run 'net setdomainsid <SID YOU GOT EARLIER>'
F) Start smbd, nmbd & winbind

If it is possible, use the same IP address & hostname of the old server 
for the new server.

Rowland
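
The SID mismatch and steps C and E above, as an added example that is not part of the original post: it splits an account SID into domain SID and RID, validates a domain SID before it would be handed to 'net setdomainsid', and checks whether a profile owner belongs to a server's domain. The function names, the host and domain names, the "SID for domain ... is:" output format, and the choice of which thread SID stands in for the old PDC are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: function names and the sample output below are constructed.

# Succeeds only for a domain SID: S-1-5-21 plus exactly three numeric sub-authorities.
is_domain_sid() {
    printf '%s\n' "$1" | grep -Eq '^S-1-5-21(-[0-9]+){3}$'
}

# Account SID -> domain part (everything before the final RID).
domain_of_sid() { printf '%s\n' "${1%-*}"; }

# Account SID -> RID (last component).
rid_of_sid() { printf '%s\n' "${1##*-}"; }

# Pull the domain SID out of 'net getdomainsid' output read from stdin.
# Assumes the "SID for domain NAME is: S-..." line format.
extract_domain_sid() {
    sed -n 's/^SID for domain .* is: \(S-[0-9-]*\)$/\1/p'
}

# Check whether a profile owner's SID belongs to the server's domain SID.
# Prints "match", "mismatch" or "invalid"; returns 0, 1 or 2.
check_profile_owner() {
    owner_sid=$1
    server_domain_sid=$2
    is_domain_sid "$server_domain_sid" || { echo "invalid"; return 2; }
    if [ "$(domain_of_sid "$owner_sid")" = "$server_domain_sid" ]; then
        echo "match"
    else
        echo "mismatch"; return 1
    fi
}

# Constructed sample of what the old PDC might report (host/domain names are made up).
SAMPLE_OUTPUT='SID for local machine OLDPDC is: S-1-5-21-4036476082-4153129556-3089177936
SID for domain EXAMPLE is: S-1-5-21-4036476082-4153129556-3089177936'

# The two 'Fred' SIDs quoted in the thread: same RID, different domain part.
FRED_1='S-1-5-21-4036476082-4153129556-3089177936-1005'
FRED_2='S-1-5-21-2025076216-3455336656-3842161122-1005'

OLD_DOMAIN_SID=$(printf '%s\n' "$SAMPLE_OUTPUT" | extract_domain_sid)
check_profile_owner "$FRED_1" "$OLD_DOMAIN_SID" || true   # prints: match
check_profile_owner "$FRED_2" "$OLD_DOMAIN_SID" || true   # prints: mismatch
```

On a real migration, the input to `extract_domain_sid` would be the output of 'net getdomainsid' on the old PDC, and only a value that passes `is_domain_sid` would be given to 'net setdomainsid' on the new server.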