[Samba] PDC from 2 to 3, SID headaches

Marco De Vitis starless at spin.it
Sat Sep 11 01:48:06 GMT 2004 

Hello,
I'm doing a migration of a PDC from Samba 2.2.8a on Mandrake Linux 9.0 to 
Samba 3.0.6 on Debian Woody (stable), both on the same machine, different 
partitions, they do not run simultaneously. And I really need help. :-/

I could not find a detailed guide, so after having a look at the migration 
chapter of the official howto, I adapted my smb.conf keeping the same host 
and domain name, copied needed users by hand (by copy&paste from/to 
passwd, shadow, group, gshadow and smbpasswd files, verifying that no IDs 
conflicted), got the 2.2.8a domain SID with smbpasswd -X and imported it
in the 3.0.6 domain with net setlocalsid.
I don't think I have anything else necessary, in other tdb files.

Now, maybe the problem was the last step: after doing it on the Samba 3 
domain, "net getlocalsid" and "net getlocalsid <domain_name>" returned two 
different values, which is not a good thing according to 
www.richardsharpe.com. Indeed, with net setlocalsid I did set the SID for 
the server, but HOW can I set the SID for the domain??

Anyway, the result was that Win2000 clients (I tested only one) could not 
load user profiles from the server, because "a copy with wrong permissions 
already exists on the server" or something like that. But users could 
access shares regularly.
I could not find any special hints in logs at level 4.

So I removed the client from the domain, and then made it join again. The 
result: no more errors at login, but most user settings are not loaded, 
and all local user/group mappings on the client have disappeared! This is 
a disaster for me, as domain users need to belong to the local Power Users 
group to use some crap applications, and I really do not like the idea of 
going through all clients again to assign users to groups. 8-/

I then tried making domain and server SID the same, copying the domain SID 
to the server (so both were different from the 2.2.8a one, but 
unfortunately I can't find a way to do the opposite). Had to remove/join 
the client again, and the problem stays the same, if not even worse.

I also tried copying secrets.tdb over from the 2.2.8a installation, but
nothing seemed to change.

I then rebooted back on Mandrake with the old version, rejoined the client
in the old domain, and everything started working fine again, including
user/group mappings.

I really need some detailed suggestions on what I might be missing.
Thank you very much.

I'm also having problems with VFS modules and charsets, but these will 
come later. ;) Making the new PDC basically work is my current priority.

-- 
Ciao,
  Marco.

..."Stupid Dream", Porcupine Tree 1999

More information about the samba mailing list