[Samba] RH9 to RH Enterprise: PDC migration from one operating system to another

Jose Luis Viñas vinas_jlu at gva.es
Tue Aug 24 18:38:30 GMT 2004


I had to migrate to RedHat Enterprise Linux ES 3.0.  Actually, what I had to
do is a complete OS install, NOT an upgrade.
What this means is that I had to reinstall Samba and configure it.
I'm using Samba 3.0.4-6.3E (a Redhat rpm) with smbpasswd as password backend.

My purpose was for this to be seamless to the end users, without changes on the users' PCs.  I will be using the same
physical server, but in effect it will be a new server, new OS, new
version of Samba.

I backed up the server configuration:

Files:  
  /etc/passwd 
  /etc/shadow
  /etc/group
  /etc/gshadow

Directories:
  /etc/samba
  /usr/lib/samba 
  /home/samba 
  /var/spool/samba

And I copied them to the "new server" (the same machine, domain and NetBIOS name), EXCEPT the secrets.tdb file.

The new PDC appears to be working: users and machines can log into the network and reach the resources.
But:

-Clients with roaming profiles are unable to get hold of their profile and use a local copy.
-Windows NT servers (members of the domain) are out of the domain. I have to join them again.
-Network resources from Windows machines have lost domain users' permissions. The domain users have lost their SID and I have to set the user permissions again.
-W2000 clients don't execute the logon script.
-The web based application "changepassword" doesn't work properly: users can change their password but then they can't log on.
 They have to change to their old password to enter the domain.
-System registry entries (10-25 per second) like this:
 Aug 12 08:39:07 iveserver smbd[18986]: [2004/08/12 08:39:07, 0] smbd/service.c:make_connection_snum(535)
 Aug 12 08:39:07 iveserver smbd[18986]:   Can't become connected user!


I know that most of this is because the domain's SID has changed.

If I copy the old secrets.tdb, I suppose that I get the old domain's SID:
-The network resources from Windows machines recover the old domain users' permissions.
-When I take a PC from the original domain, connect it to the test network and reboot the machine, I get an error stating that it can't find the domain, even though the machine has a Linux account and a Samba account (both copied from the old domain).
-I can't log into the domain from PCs with any domain user account; I can do it only with the user accounts that are defined on the PC.


I'd be thankful for any ideas. This is a production server.
 




