[Samba] Transparent domain migration

Eduardo Gimeno edu at casagimeno.com
Thu Nov 17 16:19:53 GMT 2005


We are using Samba 2.2.12/Linux in all the servers, and frequently we need
to migrate all the users from one (old) server to anohter (new) one. Both
share the same configuration (same distro, same kernel, same smb version,

We need to achive what we call a "Transparent migration"... I mean, being
able to move all the user and machine accounts from one server to another
in a way that there is no need to make any changes in the client computer
(Windowx XP).

What we are doing now is:

1.-Change netbios and workgroup in new server, setting the same as the old
2.-Copy the "samba SID" (S-1-....) from the old to the new server
3.-Create the user accounts in Linux and Samba in the new server, using
the same ID from the old server
4.-Create the machine trust accounts in the new server, with the same ID
from the old one.

We use roaming profiles, and it is prefectly installed and working in the
samba server.

After this, all the computers log in correctly in the new server, showing
no error, but SOMETIMES, lately most times, we have a problem in which,
only the last user can log in the computer after the migration, and NO
OTHER USER IN THE DOMAIN can log in that computer. That repeats on every
computer in the domain. I mean, every user can log in his computer, but in
no other one.

Sometimes we try to copy secrets.tdb and smbpasswd from the old one, but
we get no result.

I would appreciate any reply woth help for this, we are wasting a lot of

Thanks a lot in advance!


More information about the samba mailing list