[Samba] Upgrade/migrate, lost workstation trusts

Dave Beach drbeach4 at gmail.com
Fri Feb 26 11:59:10 UTC 2016 

Same physical computer, I performed a fresh and much newer o/s installation (slackware to debian). Samba was v3.5x, moved to the newest stable debian version. Backend is ldap. Testparm is fine. Moved old secrets.tdb, etc, to the appropriate new locations (old system disk is both completely backed up as well as still physically available to me, so I have all files from the old server). Ldap is working fine (finally!), and Samba starts up. I can map shares on the server, which is great.

To be a bit more clear about where I am at the moment, if Samba is running on the server I cannot log onto the workstations even though I only use local profiles (I can log on as local admin, of course, but then I have profile issues). Stopping Samba lets me log on with cached credentials, after which I can restart Samba and manually map drives on the workstation to shares on the server.

What's not great is that the workstation trusts appear to have broken, and I cannot leave/rejoin the domain (not that that's my preferred way of solving the problem). I think I have two possibly unrelated problems:

1) I want to restablish the workstation trusts such that user accounts and files on the workstations (all Win7) are not affected by the Samba upgrade; and

2) I need to figure out why I cannot simply rejoin the domain from the workstations - the errors appear to be related to the use of the server's root account to authorize the join, which worked fine before the big switch.

For #1, I wonder if I'm having a SID problem. Is there a decent "how-to" guide that covers both migration and upgrading Samba, confirming what files I need to preserve and how to validate that the SIDs are the same?

For #2, I'm not sure I understand the mechanics of how a domain join happens, and how the authorizing account is leveraged to do that. Is there a decent explanation of that somewhere?

Help gratefully accepted. In the meantime, at least I can map shares on the server and manually re-establish workstation backups.

More information about the samba mailing list