[Samba] permission-problems after changing pdc-hardware and samba-version

[Karel Zeman]

hi everybody,
i would very appreciate it if somebody could give me some advice to the 
following problem - thank you in advance,
karel.
***************************************
the problem(s):
- after changing pdc (hw and samba-version, see below) the 
domain-adminstrator user is not able to manage users in the citrix environment:
the error maessage: user xxx is not prileged to ..., can not enumerate the 
domain yyy
deleting the user-profile and creating new user doesn't help
- all domain-admins have lost their permissions
- all "standard" users can log-in and access their data

the environment:
- w2k0 and w2k3 enterprise servers
   with terminal-service and citrix presentation server 4.0
- 60 clients w2k0 and wxp
- samba passdb backend = smbpasswd
- local user profiles (rendered from same "default user")
- one pdc:  domain master, master browser, etc
- all in one windows-domain, one subnet

replaced:
the pdc
from solaris8, samba 3.0.13
to CentOS 4.3 (redhat 2.6.9-34.0.2.ELsmp i386), samba 3.0.23-SerNet-RedHat 
(rpm from enterprisesamba.org), no major changes in smb.conf

procedure:
- hostname and netbiosname same as the old one
- copy smb.conf and smbpasswd, save "old" sid
- delete all caches and secrets.tdb
- create new secrets.tdb (setlocalsid <oldsid>)
- start samba
- net groupmap.... (for all groups)
- net rpc info -Uroot%<password> and getlocalsid both return the correct 
sid (= oldsid)
- the only difference are rid's but either setting them to the old values 
doesn't help
*************************************************************************