[Samba] How to copy roaming profiles to new server ? ("Group policy client service failed. The logon access is denied")

Denis BUCHER dbucherml at hsolutions.ch
Tue Dec 9 09:29:01 MST 2014 

 

Hello, 

Thank you very much, your document was very interesting! We will not
upgrade to AD DC now, but maybe later. 

Denis 

Le 09.12.2014 15:05, Chan Min Wai a écrit : 

> Hi Denis,
> 
> Just invade if you also upgrade to AD DC. 
> 
> Looking and the Classical upgrade guide on wiki. You have to follow that.
> Rowland Penny <rowlandpenny at googlemail.com> 於 2014年12月9日 19:41 寫道: On 09/12/14 11:22, Denis BUCHER wrote: Dear Marc, Dear Rowland, Le 08.12.2014 23:01, Marc Muehlfeld a écrit : Am 08.12.2014 um 22:55 schrieb Rowland Penny: Hi, It sounds very much like a SID problem to me. the user 'Fred' with the SID-RID 'S-1-5-21-4036476082-4153129556-3089177936-1005' is **NOT** the same user as 'Fred' with the SID-RID 'S-1-5-21-2025076216-3455336656-3842161122-1005' You need to change the domain SID on the new PDC to match the SID on the windows machines. Denis, is this a _new domain_ (with the same name)? Or just a _new server_ where you placed the profiles. If it's a _new domain_, then Rowland is surely right and it is an SID problem. But you talked about a _new server_. Please be more clear about your environment. Regards, Marc
 Yes, you're right, I must clarify a little more on this point: You were
right, what we *WANT* to do is simply to replace the old PDC under Samba
3 by the new PDC under Samba 4. (Simply a new server). But what we
*DID*, is in fact to configure a _new domain_ with the same name.
Therefore, I agree that it the problem is SID related, and if I
understand you correctly, this is the wrong way to do it! We should
instead configure a new server with same domain, right? Thank you very
much for your appreciated help, Best regards, Denis OK, If you just want
to have a new replacement PDC, you need to: A) Install your OS of choice
B) Install samba4 C) Get the Domain SID from your old PDC D) Use your
old smb.conf as a template for your new one, checking that all the old
lines are still valid, refer to 'man smb.conf'. If you have a 'socket
options' line in your old conf file, remove it!, you are likely to be
making things worse. E) run 'net setdomainsid <SID YOU GOT EARLIER>' F)
start smbd,nmbd & winbind If it is possible, use the same ipaddress &
hostname of the old server for the new server. Rowland -- To unsubscribe
from this list go to the following URL and read the instructions:
https://lists.samba.org/mailman/options/samba [1] 

 

Links:
------
[1] https://lists.samba.org/mailman/options/samba

More information about the samba mailing list