[Samba] Samba 2.2 to 3.0.9 DC upgrade problems

John H Terpstra jht at Samba.Org
Wed Jan 12 21:06:03 GMT 2005

On Wednesday 12 January 2005 12:09, Hans du Plooy wrote:
> Hi all,
> I just replaced a client's SUSE 8.0/Samba 2.2 DC with a SUSE 9.2/Samba
> 3.0.9 DC.  Drives were giving trouble, and since that box was a first
> attempt at a linux DC there was a lot of room for improvement.
> I copied the profiles and home directories over to the new machine, chowned
> them to the new users.  I also did extracted the securid from the old DC
> and set it to the new one (using the net command).  I expected the clients
> not to notice.  Oh dear...
> First off, the Windows 98 clients, stupid as they are on a network, didn't
> notice at all.  But the Windows 2000 and Windows XP Pro ones had trouble.
> They all logged in fine, but they all had all sorts of weird problems.  For
> example, upon starting outlook, it did the whole
> install-the-user-specific-stuff routine you get when you run it for the
> first time.  I ended up having to rename the profile and have it create a
> new one. Lot's of unhappy users....
> Can anyone tell me what I did wrong?  My suspicion, in hindsight, is that
> the local copy of the profile on each client, belongs to the domain user,
> as identified by it's userid (I'm sure I've seen windows refering to a
> "Unix user 514" or something similar before), and that the user id has
> changed (which it has - SUSE 8.0 maps users from 500 up, 9.2 from 1000 up).
>  Can anyone shed some light?

Windows NT/2KX stores the Windows SID as an access control identifier inside 
the profile file NTUser.DAT. If you do not replace the SID inside this file 
with the new SID on from the new server then your users will not be able to 
access their profiles - i.e.: It just will not work as you have seen.

You can recover the SID from the old system by running (for Samba-3):

	net getlocalsid

You can set the SID on the new server by running:

	net setlocalsid S-1-5-21-XXXXX-XXXXX-XXXXXX

Note: The SID must be the one you obtained from the old server.
Additionally, you must ensure that each user has the same UID and GID as they 
were on old server.

- John T.

> Thanks
> --
> Kind regards
> Hans du Plooy
> Newington Consulting Services
> hansdp at newingtoncs dot co dot za

John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.

More information about the samba mailing list