[Samba] Lost most data on Windows XP machine switching to domain

[Jesse Stone]

Thank you for all the responses.  Thinking back on how I did it, I bet it
was a permissions issue which prevented the files from migrating to the
Samba server but that still shouldn't have caused them to be deleted.  The
files were complete gone.  I checked both the old non-domain directory and
the newly created domain directory.  I was able to recover 98% of the data
using a special recovery program my IT department provided me.

The option I had to use to find the files using the recovery software was
not "Accidently Deleted" but "Disk was formatted" which makes me think
whatever process distroyed the files did it in a way where they did not go
into the recycle bin but completely distroyed.

-Jesse

On Sat, Oct 4, 2008 at 6:02 PM, Scott Lovenberg
<scott.lovenberg at gmail.com>wrote:

>  Jesse Stone wrote:
>
>> I'm wondering if anyone has run across that and MUCH more importantly, if
>> the data can be recovered somehow.
>>
>> I'll put as much details as I can at the bottom but here's the gist of the
>> problem:
>>
>> I added my wives computer (which contains 8 years worth of pictures) to
>> the
>> domain.  When I logged into the new domain account it was empty and my
>> wives
>> domain users had no access so I did the following:
>>
>> 1) Logged out of the domain account and back into the machine account
>> 2) Added the domain user to the administrative group
>> 3) MOVED (yes, I'm an idiot) everything from my wive's standard profile to
>> the domain profile
>> 4) Logged back in with the domain account
>>
>> Here's what happens:
>> a few random things where in the new domain.  For example, 1 bookmark (out
>> of about 50) was in my wive's favorites folder.  The "My Pictures" folder
>> contained "Sample Pictures" only.
>>
>> My guess is that 1 of 2 things happened:
>>
>> 1) Samba didn't expect there to be data yet so started out with a fresh
>> new
>> profile.  This doesn't explain how some (less than 1% of her data) is
>> available
>>
>> 2)  My wive is connecting to the domain via wireless.  Somehow, mid-copy
>> the
>> wireless shut off and the data never made it to the roaming profile.
>>
>> Please someone give me good news like "just do this and the data will be
>> recovered!"
>>
>> OK, here's the details (which will show my lack of understanding):
>>
>> I followed the following article when setting up Samba:
>> http://www.howtoforge.com/samba_setup_ubuntu_5.10_p4
>>
>> The only changes I made are that I commented out the following lines
>> (believing this would STOP roaming profiles.  I did not actually want
>> roaming profiles and was only planning on setting the "My Documents"
>> folder
>> to use server storage.
>>
>> #logon drive = H:    <--  May use later for roaming profiles
>> #logon path = \\%N\profile\%U    <--  May use later for roaming profiles
>>
>> (Note, the only thing this did is stop the drive letter from being set.
>>  The
>> "profile" directly was still created, only under the /home/%user%/
>> directory
>> instead of /home/samba/profiles/)
>>
>> Here's the entire smb.conf I am using:
>> [global]
>> workgroup = domaintest
>> netbios name = server3200
>> server string = File Server
>> passdb backend = tdbsam
>> security = user
>> username map = /etc/samba/smbusers
>> name resolve order = wins bcast hosts
>> domain logons = yes
>> preferred master = yes
>> wins support = yes
>> # Set CUPS for printing
>> printcap name = CUPS
>> printing = CUPS
>> # Default logon
>> #logon drive = H:
>> #logon script = scripts/logon.bat
>> #logon path = \\%N\profile\%U
>> # Useradd scripts
>> add user script = /usr/sbin/useradd -m %u
>> delete user script = /usr/sbin/userdel -r %u
>> add group script = /usr/sbin/groupadd %g
>> delete group script = /usr/sbin/groupdel %g
>> add user to group script = /usr/sbin/usermod -G %g %u
>> add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody
>> %u
>> idmap uid = 15000-20000
>> idmap gid = 15000-20000
>> # sync smb passwords with linux passwords
>> passwd program = /usr/bin/passwd %u
>> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
>> *Retype\snew\sUNIX\spassword:* %n\n .
>> passwd chat debug = yes
>> unix password sync = yes
>> # set the loglevel
>> log level = 3
>> [homes]
>> comment = Home
>> valid users = %S
>> read only = no
>> browsable = no
>> [printers]
>> comment = All Printers
>> path = /var/spool/samba
>> printable = yes
>> guest ok = yes
>> browsable = no
>> [netlogon]
>> comment = Network Logon Service
>> path = /home/samba/netlogon
>> admin users = Administrator
>> valid users = %U
>> read only = no
>> [profile]
>> comment = User profiles
>> path = /home/samba/profiles
>> valid users = %U
>> create mode = 0600
>> directory mode = 0700
>> writable = yes
>> browsable = no
>>
>> Please understand that my wife may well divorce me if I can't recover this
>> stuff.
>>
>> -Jesse
>>
>>
> I'm a little mixed up about about the steps that you took... Am I
> interpreting this correctly:
> 1.)  You signed on with your wifes domain account, then logged out
> 2.)  You then logged in as a local admin and added her domain account to
> the Domain Administrators group
> 3.)  Before logging out of the local admin account, you moved all of her
> files to the default domain profile (in the netlogon share) (with
> permissions 0600 as per your profile share configuration)
> 4.)  You then logged out of your local admin account and logged back in
> with your wifes domain account
> 5.)  Everything is missing at this point.
>
> I'm fairly sure that Windows handles dropped connections during a sign
> on/off with a file that contains successfully transferred files.  The fact
> that you have some of her files makes me wonder if you've got a permissions
> issue going on.  Are you sure that the files aren't on the domain controller
> with permissions that keep her account from seeing them?
> If I were you, I'd remount that drive read only 60 seconds ago and make a
> copy of it right away.  Even if you deleted the files, you can probably get
> a dd_rescue image before you actually blow them away.  I've had success with
> that before after fat-fingering an effective "rm -rf /." while logged in as
> root.  The Samba team will be happy to know that the Samba server limped
> along while the Windows clients dropped like a lead zeppelin (apologies to
> Keith Moon). :D
>
> I was able to get ~98% of the data back even with a 3ware RAID card,
> reiserfs, and LVM complicating the matter.  You've probably got a good shot
> at recovering that data (if it really did go MIA) if you don't write
> anything else to the disk.  YMMV, of course.
>