[Samba] Profiles change when migrating from NT4 to Samba PDC

Philip Washington phwashington at comcast.net
Sat Oct 8 14:29:52 GMT 2005

Craig White wrote:
> On Fri, 2005-10-07 at 17:52 -0700, Craig White wrote:
>> On Fri, 2005-10-07 at 19:22 -0500, Philip Washington wrote:
>>> After migration of an NT4 domain to Samba we find that when users log in 
>>> they have a new profile.  Since we cannot deal with this on all of the 
>>> computers with all of the users we have had to stop the migration.
>>> I have searched through the archive and not been able to find any 
>>> answers to this issue,  I did find a relevant article though and 
>>> apparently they didn't have an answer in 2002. 
>>> http://lists.samba.org/archive/samba/2002-August/050163.html
>>> Has anyone found a way to resolve this?
>>> We are not using roaming profiles.
>> ----
>> I am hoping that you really aren't looking for wild speculation as to
>> what may be the problem. Some things that you should consider sharing
>> with us so that we might be able to make a useful suggestion...
>> samba version ?
>> SID ? 'net getlocalsid' does this match the SID of the domain that the
>> machines that were already joined to the domain? Did you actually 'net
>> setlocalsid' to match?
>> from your smb.conf
>> passdb ?
>> logon path = ?
>> security = ?
>> domain logons = ?
>> domain master = ?
>> preferred master = ?
>> If we took an example of one or two users who had a problem with their
>> profiles...what's output of things like
>> pdbedit -L USER_NAME ?
>> does the profile path actually work? Is it reachable from a Windows
>> system? 
>> privileges on profile server permit access?
>> otherwise, I would just say that you're having a bad day.
> ----
> I should have pointed out...
> logon path =
> (that's right - blank) prevents roaming profiles
> and perhaps, because I am not very smart and was trying to populate LDAP
> with which I was pretty unfamiliar, I had to run through the vampire
> process a lot of times before I got everything working the way I wanted
> it. My second time doing the vampire thing to LDAP was considerably
> easier. Even though the documentation was excellent, the devil is in the
> details.
> Craig
Sorry if this is a double post, but I believe that I replied directly to 
Craig instead of to the group.

We transfered the DOMAINA from NT4 to SambaPDC-LDAP
logged TESTUSER1 onto TESTMACHINE1 and were able to authenticate without 
getting roaming profiles.
The user and Machine had been transfered from the NT4 PDC
We then tried another machine MACHINE2 and were able to log in using 
We then tried logging in USER2 onto MACHINE2 and were able to get 
authenticated, but the desktop changed the, Outlook treated this as a 
new user and USER2 was not able to open files with his specific user 
We worked on trying to resolve this for a day, but we had already gone 
through about 3 days with vampire issues and roaming profile problems.

Did we miss something and incorrectly do something when using vampire.  
We were trying to follow the directions, I believe it was Ch8 in Samba3 
by example.

We are contemplating whether to try this again, but if we can't resolve 
this we may have to throw in the towel.  We have to many users and 
machines with diverse application setups to try and work around this 

I was under the impression that once the PDC was transferred then USER2 
could log into the MACHINE2 and not have any indication that there was a 
difference in the platform the PDC was running on or that there had been 
a change.

More information about the samba mailing list