[Samba] How to copy roaming profiles to new server ? ("Group policy client service failed. The logon access is denied")

Tue Dec 9 07:05:02 MST 2014

Hi Denis,

Just invade if you also upgrade to AD DC. 

Looking and the Classical upgrade guide on wiki. You have to follow that. 

> Rowland Penny <rowlandpenny at googlemail.com> 於 2014年12月9日 19:41 寫道：
> 
>> On 09/12/14 11:22, Denis BUCHER wrote:
>>  
>> Dear Marc, Dear Rowland,
>> 
>> Le 08.12.2014 23:01, Marc Muehlfeld a écrit :
>> 
>>> Am 08.12.2014 um 22:55 schrieb Rowland Penny:
>>> 
>>>> Hi, It sounds very much like a SID problem to me. the user 'Fred' with the SID-RID 'S-1-5-21-4036476082-4153129556-3089177936-1005' is **NOT** the same user as 'Fred' with the SID-RID 'S-1-5-21-2025076216-3455336656-3842161122-1005' You need to change the domain SID on the new PDC to match the SID on the windows machines.
>>> Denis, is this a _new domain_ (with the same name)? Or just a _new
>>> server_ where you placed the profiles. If it's a _new domain_, then
>>> Rowland is surely right and it is an SID problem. But you talked about a
>>> _new server_. Please be more clear about your environment.
>>> Regards,
>>> Marc
>> Yes, you're right, I must clarify a little more on this point:
>> 
>> You were right, what we *WANT* to do is simply to replace the old PDC
>> under Samba 3 by the new PDC under Samba 4. (Simply a new server). But
>> what we *DID*, is in fact to configure a _new domain_ with the same
>> name.
>> 
>> Therefore, I agree that it the problem is SID related, and if I
>> understand you correctly, this is the wrong way to do it! We should
>> instead configure a new server with same domain, right?
>> 
>> Thank you very much for your appreciated help,
>> 
>> Best regards,
>> 
>> Denis
> 
> OK, If you just want to have a new replacement PDC, you need to:
> 
> A) Install your OS of choice
> B) Install samba4
> C) Get the Domain SID from your old PDC
> D) Use your old smb.conf as a template for your new one, checking that all the old lines are still valid, refer to 'man smb.conf'. If you have a 'socket options' line in your old conf file, remove it!, you are likely to be making things worse.
> E) run 'net setdomainsid <SID YOU GOT EARLIER>'
> F) start smbd,nmbd & winbind
> 
> If it is possible, use the same ipaddress & hostname of the old server for the new server.
> 
> Rowland
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba