[Samba] How to copy roaming profiles to new server ? ("Group policy client service failed. The logon access is denied")

Marc Muehlfeld mmuehlfeld at samba.org
Mon Dec 8 14:51:02 MST 2014

Am 08.12.2014 um 22:42 schrieb Denis BUCHER:
>> How are the IDs mapped on both servers? Do the users/groups have the
>> same IDs on both machines? E. g. if you store them in your AD / PDC
>> backend and retrive them on the fileserver, then you should be able to
>> simply copy the profiles and preserve the file permissions.
> Yes, users have the same name. User "dbucher" is still "dbucher" on the
> new server and files have their ownership and rights preserved. 

But does dbucher has the same ID on both hosts?

>> If you used a local ID mapping on the old server, you have to
>> transfer the idmapping DB, to keep UIDs/GIDs.
> Yes, no problem on this side. But the problem seems to be with Windows
> SID. 

If this are domain users and you move the profile within the same
domain, then this doesn't matter, because the SID stuff is inside the
profile and doesn't change if you only move the profiles to a different

2 weeks ago I this at work in production too. Samba AD and moved about
25 users profiles to a new member server in a branch office, which is
part of the same AD domain. The ID mapping come from RFC2307 out of the
AD. Just had to copy the files to the new host (done through an SSH
tunnel with preserved ACLs). Then just adapt the users profile path in
AD and their folder redirection GPO. Done. Nothing else. And no SID
stuff was necessary.


More information about the samba mailing list