[Samba] Some curious problems migrating from 3.0.10 to 3.0.23c on new server

Frank Matthieß samba-ml at netgate-it.de
Wed Oct 25 16:58:05 GMT 2006 

Hello all,

at this point i'm at the end of my ideas, so i ask here, at what  point
i ran in this problem. Hopefully some give advices to the proper direction.

The plan: An old debian woody machine with samba 3.0.10-1 should
migrated to an new hardware with debian etch and samba 3.0.23c-2.

My simple idea was to copy all configuration files and also the
passdb.tdb, secrets.tdb and group_mapping.tdb to the new machine and
start with the same smb.conf

The secrets.tdb was set by me with "net getlocalsid DOM" on old machine
and set with "net setlocalsid" on new machine.

Being at customer site everything runs quite well up to the point where
i want to reuse the win xp pro running inside a vmware-server 1.0.1,
which is running on the same machine that runs samba.

This machine wont speak with the domain controller. The network setup is
ok, ip is checked with a browser. After login in to the account, the
roaming profile shoukld download from the server to the win xp pro
station. This fails with the error message, that a local profile can't
be created and it uses now a temorary one.

>From within the temp profile i want to access to the file on the server.
Afer a little setup time i get the root dir of the shar. If i now want
to acces to a subdir inside the windows explorer, it needs minutes to
show me the content of the dir. If i want to copy from that share it
begins to copy to the local disk and faild after some minutes with the
message the the remote side doesn't answer. This is quite wrong, because
i take a look at the ip traffix with tcpdump. tcpdump shows me, that the
wins xp pro doesn't send pakets to the samba server.

The same logon on a physical machine runs quite well, so i certain that
i run in trouble with vmware-server.

Back at home i reconstruct the failed environment with the new failing
server.

First i double check all information between old and new machine,
espacially the sid's of domain, users and groups. They are all correct
execpt for the primary group of user "root" which is my samba admin account.

The old primary group sid is:
	S-1-5-21-2146647452-3966990659-3180625979-1001

The new primary group sid is:
	S-1-5-21-2146647452-3966990659-3180625979-512

The old group mapping:
>  server-sued:~# net groupmap list
>  System Operators (S-1-5-32-549) -> -1
>  Replicators (S-1-5-32-552) -> -1
>  Guests (S-1-5-32-546) -> -1
>  Domain Users (S-1-5-21-2146647452-3966990659-3180625979-513) -> domusers
>  Power Users (S-1-5-32-547) -> dompowerusers
>  Print Operators (S-1-5-32-550) -> -1
>  Administrators (S-1-5-32-544) -> domadmins
>  Domain Admins (S-1-5-21-2146647452-3966990659-3180625979-512) -> domadmins
>  Account Operators (S-1-5-32-548) -> -1
>  Domain Guests (S-1-5-21-2146647452-3966990659-3180625979-514) -> -1
>  Backup Operators (S-1-5-32-551) -> -1
>  Users (S-1-5-32-545) -> domusers

After all this checks and tests, i create a new fresh win xp pro install
inside vmware. First fresh install i join inside the setup process to
the domain DOM. I got the same results as before. The communication fails.

The second install i try i create first a workgroup setup an joined
later to the domain DOM. I got the same problem.

After that i create a new user on my "broken" new samba setup and try to
logon with the win xp pro inside the vmware. This runs (?!??!11?).

This brings me back to the idea that my migration was broken. So i
checked again all sid's.... with the result described above. This check
is also checked by a collegue of mine.

Next idea, which hit me last night at 4:00  ;-) , th do at net rpc vampire
from the old to the new samba setup. I set the new machine with "domain
master = No" in bdc mode and redirect the wins setup to the wins running
on the pdc at the remote site. The join of the new machine was
successfull, but the vampire wasn't.

Now i'm at the end of ideas to solve the problem. Do someone had some
hints, ideas, howtos or other helpfull stuff?

Regards
Frank.
-- 
Frank Matthieß                                   Netgate-IT
Mail: samba-ml at netgate-it.de                     Otto-Brenner-Straße 203
                                                 D 33604 Bielefeld
                                                 Fon : +49 521 2 23 33
                                                 Fax : +49 521 2 22 55

More information about the samba mailing list