[Samba] Trouble replicating samba

[Gémes Géza]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Borja Pacheco írta:
| Dear all,
|
| I'm experencing a big trouble with samba and an instalation we had at my
| enterprise's intranet. This intranet is based on a Samba server v2 wich
| acts as Primary Domain Controller, wins server and file server. All
| these features works great nowadays.
|
| Our issue, is with a newest server that we are interested to replace the
| previous samba server in order to improve the performance and
| realibility to our users. For this reasen we have installed the samba
| daemon in this machine (keeping samba version, but minor version
| numbers) and we have copied everything from one server to the other, I
| mean, smb.conf, lmhost, smbpasswd, etc, and we have updated the smb.conf
| to change the IP address and netlogon name. Of course, we have updated
| the system's groups and users, and syncronize data.
|
| When we startup the service on the newest one (after shutting down in
| the other), we noticed that samba becomes domain master, master browser
| and that we can access files through smbclient. The trouble is with the
| MS Windows clients, which can't register in the domain anymore, Windows
| tell us that the machine account doesn't exist or the password is wrong.
| These accounts were created with smbpasswd -a -m, so they exists. So it
| seems to, that the autonegociated password is failing.
|
| Does anybody knows why is it failing? Is it related with the SIDs? What
| are these SIDs? Could you suggest me a solution?

Depending on your Samba version:

2.2.x
You should start your old Samba instalation, then on your new machine as
root you should do smbpasswd -S (Terebly sorry I'm not 100% about the -S
switch, I used last time 2.2.x long time ago, about a year, so please
read its manpage first)
3.0.x
Start your old Samba installation. Run net getlocalsid. Note the string
(S-...) obtained. Shut it down. Start up the new Samba installation, and
run net setlocalsid the_previously_noted string

After doing that you will need to rejoin thoose machines, which were
rejoined :-( .

Setting the correct SID is vital in the Windows world, since Windows
operating systems identify all security objects: domains, users, groups,
and computers, by their SID.

| PD. we tried to remove a Windows client from the domain, and latter,
| register it again. And it seems to work, but we have to waste lots of
| time on every client, and we have more or less 300...

Best Regards

Geza
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAVhxW/PxuIn+i1pIRAqqoAJ0a24t6KaBMbPwsu80u3G2269ECugCfcirt
YndVsNv3dreC/4AbbTuMQ7Y=
=ulxl
-----END PGP SIGNATURE-----