Problems moving PDC from 2.04 to 2.1alpha

Dave.Stevenson at durham.ac.uk Dave.Stevenson at durham.ac.uk
Mon Sep 27 18:17:56 GMT 1999 

> 
> Hi,
> 
> I'm trying to migrate the network PDC duties from a file server running
> Samba 2.04 to another PC running Samba 2.1 alpha. The original server
> will continue to share the netlogon and profile directories.


I'm seeing similar problems having migrated a 2.0.0alpha Samba PDC 20/9/98 -> 2.1 10/9/99
I use NIS in the same way but don't think its that.

The mapped groups being empty is in the NT dom archive (July I think) but
basically you have to put the unix user id's in the group file like:-

mygroup::123:userid1,userid2,userid3 etc etc. then they show up in the user manager

(assuming you have set up groups similar to the NTDOM FAQ suggestion ) 
domaingroup.map   then has to have an entry like

mygroup="Domain Users"

so that the Local Group  "Users" on the workstations picks up user ids as valid
users ( Users local group  contains the Domain Users global group by default)

That populates your group and solves the roaming profiles being downloaded and being owned by an 
"Unknown Account" that denies permission to the intended owner......

Think that will help with your situation too.

BUT

I still get messages from my logon.bat file saying

Error 3678
An error occurred while saving your profile. The state of your remembered
connections has not changed. ( when trying NET USE .... commands) Other
commands NET TIME etc are fine.

This suggests that I still have a permissions problem somewhere. If I delete
the profile and allow the system to build a new one everything works fine but of
course all the users settings are lost. 

Thinking out load here but...
Only my NTConfig.POL and the server software has changed, and SID's for the domain
controller and the smbpasswd file were carefully frozen and transferred. So I have to
conclude that something in NTUSER.DAT is to blame or maybe the user is now
identified slightly differently since they have a group membership now. Was the
"group" membership kludged in some way in the past...or is it way more complex
than this? 
Short of combing through NTUSER.DAT looking for needles, or resetting ALL user profiles I'm not
sure how to solve it.

Anyone any ideas, know of tools to compare NTUSER.DAT files in a meaningful way?

> 
> I moved smbpasswd and SID files from the old server to the new one. 
> 
> Users can login, and Desktop, Favourites and other  folders in the
> profile directory are read OK. However, there are some serious problems:
> 
> - All registry type configuration settings are gone. Users desktop
> patters, IE & Outlook configs etc seem to have vanished, although all
> files including NTUSER.DAT are still present.
> 
> - Local group membership no longer works: users that should be local
> administrators can't even share folders.
> 
> - Group mapping doesn't seem to work. I can see the mapped groups in the
> User Manager for Domains, but they are empty. 
> 
> It /looks/ as if each user has the correct password and name, and so can
> log in to the profile, but gets the wrong (different) ID, so NTUSER.DAT
> is unuseable.
> 
> The new server uses NIS to get user names from the original server. Is
> it this, or the way I copied over the smbpasswd and .SID files to the
> new server?
> 
> Any help would be greatly appreciated.
> 
> Thanks,
> 
> Pete Birkinshaw

More information about the samba-ntdom mailing list