[Samba] Moving a computer from a down domain to a new domain

Robert Moskowitz rgm at htt-consult.com
Thu Apr 11 18:39:30 MDT 2013 

I had been running a samba server, the AMAHI F12 distro, that has samba 
3.4.9.  It ran well enough, but I was planning on replacing it with 
ClearOS.  Well monday night I lost my server harddrive, so now it is 
crunch time to update/upgrade.

I think I have ClearOS configured properly, it is running samba 3.6.10 
(Redhat 6.4 based).  So far I have tried to add two of my XP systems to 
the new domain.  The process I have been using (and what I did 4 years 
ago when I moved them from a REAL NT domain to the samba domain) was to 
first login locally as administrator and using System Properties > 
Computer Name >Domain Change to move the computer to a workgroup called 
SELF.  I then reboot and use the same dialog to join the new domain, 
HOME.  The old domain was HDA, but a prior domain was also HOME.  This 
fails and in the samba logs I see:

[2013/04/11 20:22:29.563127,  0] auth/check_samsec.c:491(check_sam_security)
   check_sam_security: make_server_info_sam() failed with 
'NT_STATUS_UNSUCCESSFUL'
[2013/04/11 20:26:01.504397,  1] auth/server_info.c:386(samu_to_SamInfo3)
   The primary group domain 
sid(S-1-5-21-3360932306-3333476405-2840157550-513) does not match the 
domain sid(S-1-5-21-4240919292-2417995422-4236335894) for 
winadmin(S-1-5-21-4240919292-2417995422-4236335894-302)
[2013/04/11 20:26:01.504589,  0] auth/check_samsec.c:491(check_sam_security)
   check_sam_security: make_server_info_sam() failed with 
'NT_STATUS_UNSUCCESSFUL'
[2013/04/11 20:26:44.676638,  1] auth/server_info.c:386(samu_to_SamInfo3)
   The primary group domain 
sid(S-1-5-21-3360932306-3333476405-2840157550-513) does not match the 
domain sid(S-1-5-21-4240919292-2417995422-4236335894) for 
rgm(S-1-5-21-4240919292-2417995422-4236335894-1000)
[2013/04/11 20:26:44.676804,  0] auth/check_samsec.c:491(check_sam_security)
   check_sam_security: make_server_info_sam() failed with 
'NT_STATUS_UNSUCCESSFUL'

rgm is a user on the system that has admin priv, and a user on the samba 
server that is in the domain_admin group.

What is with the SID problem?  How do I clean this up?

More information about the samba mailing list