[Samba] Lost most data on Windows XP machine switching to domain

Scott Lovenberg scott.lovenberg at gmail.com
Sun Oct 5 01:02:15 GMT 2008

Jesse Stone wrote:
> I'm wondering if anyone has run across that and MUCH more importantly, if
> the data can be recovered somehow.
> I'll put as much details as I can at the bottom but here's the gist of the
> problem:
> I added my wives computer (which contains 8 years worth of pictures) to the
> domain.  When I logged into the new domain account it was empty and my wives
> domain users had no access so I did the following:
> 1) Logged out of the domain account and back into the machine account
> 2) Added the domain user to the administrative group
> 3) MOVED (yes, I'm an idiot) everything from my wive's standard profile to
> the domain profile
> 4) Logged back in with the domain account
> Here's what happens:
> a few random things where in the new domain.  For example, 1 bookmark (out
> of about 50) was in my wive's favorites folder.  The "My Pictures" folder
> contained "Sample Pictures" only.
> My guess is that 1 of 2 things happened:
> 1) Samba didn't expect there to be data yet so started out with a fresh new
> profile.  This doesn't explain how some (less than 1% of her data) is
> available
> 2)  My wive is connecting to the domain via wireless.  Somehow, mid-copy the
> wireless shut off and the data never made it to the roaming profile.
> Please someone give me good news like "just do this and the data will be
> recovered!"
> OK, here's the details (which will show my lack of understanding):
> I followed the following article when setting up Samba:
> http://www.howtoforge.com/samba_setup_ubuntu_5.10_p4
> The only changes I made are that I commented out the following lines
> (believing this would STOP roaming profiles.  I did not actually want
> roaming profiles and was only planning on setting the "My Documents" folder
> to use server storage.
> #logon drive = H:    <--  May use later for roaming profiles
> #logon path = \\%N\profile\%U    <--  May use later for roaming profiles
> (Note, the only thing this did is stop the drive letter from being set.  The
> "profile" directly was still created, only under the /home/%user%/ directory
> instead of /home/samba/profiles/)
> Here's the entire smb.conf I am using:
> [global]
> workgroup = domaintest
> netbios name = server3200
> server string = File Server
> passdb backend = tdbsam
> security = user
> username map = /etc/samba/smbusers
> name resolve order = wins bcast hosts
> domain logons = yes
> preferred master = yes
> wins support = yes
> # Set CUPS for printing
> printcap name = CUPS
> printing = CUPS
> # Default logon
> #logon drive = H:
> #logon script = scripts/logon.bat
> #logon path = \\%N\profile\%U
> # Useradd scripts
> add user script = /usr/sbin/useradd -m %u
> delete user script = /usr/sbin/userdel -r %u
> add group script = /usr/sbin/groupadd %g
> delete group script = /usr/sbin/groupdel %g
> add user to group script = /usr/sbin/usermod -G %g %u
> add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u
> idmap uid = 15000-20000
> idmap gid = 15000-20000
> # sync smb passwords with linux passwords
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
> *Retype\snew\sUNIX\spassword:* %n\n .
> passwd chat debug = yes
> unix password sync = yes
> # set the loglevel
> log level = 3
> [homes]
> comment = Home
> valid users = %S
> read only = no
> browsable = no
> [printers]
> comment = All Printers
> path = /var/spool/samba
> printable = yes
> guest ok = yes
> browsable = no
> [netlogon]
> comment = Network Logon Service
> path = /home/samba/netlogon
> admin users = Administrator
> valid users = %U
> read only = no
> [profile]
> comment = User profiles
> path = /home/samba/profiles
> valid users = %U
> create mode = 0600
> directory mode = 0700
> writable = yes
> browsable = no
> Please understand that my wife may well divorce me if I can't recover this
> stuff.
> -Jesse
I'm a little mixed up about about the steps that you took... Am I 
interpreting this correctly:
1.)  You signed on with your wifes domain account, then logged out
2.)  You then logged in as a local admin and added her domain account to 
the Domain Administrators group
3.)  Before logging out of the local admin account, you moved all of her 
files to the default domain profile (in the netlogon share) (with 
permissions 0600 as per your profile share configuration)
4.)  You then logged out of your local admin account and logged back in 
with your wifes domain account
5.)  Everything is missing at this point.

I'm fairly sure that Windows handles dropped connections during a sign 
on/off with a file that contains successfully transferred files.  The 
fact that you have some of her files makes me wonder if you've got a 
permissions issue going on.  Are you sure that the files aren't on the 
domain controller with permissions that keep her account from seeing them? 

If I were you, I'd remount that drive read only 60 seconds ago and make 
a copy of it right away.  Even if you deleted the files, you can 
probably get a dd_rescue image before you actually blow them away.  I've 
had success with that before after fat-fingering an effective "rm -rf 
/." while logged in as root.  The Samba team will be happy to know that 
the Samba server limped along while the Windows clients dropped like a 
lead zeppelin (apologies to Keith Moon). :D

I was able to get ~98% of the data back even with a 3ware RAID card, 
reiserfs, and LVM complicating the matter.  You've probably got a good 
shot at recovering that data (if it really did go MIA) if you don't 
write anything else to the disk.  YMMV, of course.

More information about the samba mailing list