[Samba] User Data / Profiles / Permission / Mappings Loss from Samba to Samba Migration

[Fanying Jen]

We checked the SID on both the old Samba and the new Samba (both of which 
are version 2.2.8a) and they identical. We noticed that the SID for the 
users no longer map properly and we had to put all of the users back in 
manually. Once the users were in, the users were able to launch their 
applications. The only difference between the two setup is the old Samba 
uses LDAP authentication while the new Samba uses the /etc/samba/smbpasswd 
file. Unix system accounts and information are identical on both systems. 
It is that SID numbers of calculated differently on an LDAP back end and a 
smbpasswd file back end?


On Mon, 17 Nov 2003, John H Terpstra wrote:

> On Mon, 17 Nov 2003, Fanying Jen wrote:
> 
> > We have completed a migration from one Samba server to another Samba.
> > The versions and binaries are exactly the same. The only difference
> > between the two configs is that the original Samba server used LDAP for
> > authentication and the new Samba server uses the flat files for
> > authentication (smbpasswd file).
> >
> > Here is the problem: On a Windows 2000 file server, we have folder
> > shares.  Users can log on via Samba, but permissions to the shared
> > folders are all screwed up.  When I review the permissions in the
> > sharing tab on the 2000 server I noticed that none of the user names are
> > listed, just some sort of serial number (e.g. S-xxxx-xxxx-xxxx-xxxx).
> 
> That number is the SID (security identifier your user has/had). Every
> domain / server has it's own SID. Did you updte the new server SID to that
> of the old one?
> 
> On samba-2.2.x the tool to retrieve the domain SID is:
> 	smbpasswd -S 'Domain_Name'
> 
> To write it on samba-2.2.x:
> 	smbpasswd -W S-1-5-...
> 
> On samba-3.x to read the SID:
> 	net getlocalsid
> 
> To write on samba-3.x:
> 	net setlocalsid S-1-5-....
> 
> - John T.
>