[Samba] Mixed domain types - ADS.

sharif islam sharif.islam at gmail.com
Tue Nov 23 21:46:30 GMT 2004

On Tue, 23 Nov 2004 14:03:48 -0500, Rashaad S. Hyndman
<islandbwoy at toughguy.net> wrote:
> I have a question that seems to be an issue when authenticating users for
> ADS.  Before we went to AD we had a 2k domain called Enterprise.  Since then
> we created a domain called Corporated.net and all went well. Now i'm trying
> to add my samba server to that domain but when users log in with their old
> accounts (ie. Enterprise\username) the Samba server does not authenticate
> that user against the DC.  How do i let samba know that my CorporateD.net
> and Enterprise domain users should be authenticated against the same DC?

If I understand you correctly, you are trying to move the samba
machine from a win2k domain to an AD domain. I did something similar
couple months ago -- moved my samba server from NT to AD domain.

Winbind is looking for the old sid from the Enterprise domain. Say,
user joe had gid 12345 in the old domain for a group called mygroup.
When the samba machine is taken off that domain the group name will
get transferred to the gid/uid. Then if you add the same machine to
the AD domain it will try to map gid 12345 to a SID. But 12345 will
map to a different group in the new domain. In my case , I got errors
like 'could not convert 12345 to SID'.  I am guessing you are getting
the 'Could not fetch' error for the same reason.


More information about the samba mailing list