[Samba] Windows client domain member getting incorrect value for LOGONSERVER

Michael Lueck mlueck at lueckdatasystems.com
Sat Apr 1 20:05:22 UTC 2017

Greetings again,

Michael Lueck wrote:
> Question about a hard spot we encountered... one Windows machine joined to the domain is insisting on setting its LOGONSERVER to its own hostname rather than the PDC it logs into. See example:

Seems the root of the difficulty is that the Windows clients are only partially joined to the new server PDC. Plugging them into the former PDC server restores full functionality.

I have validated I believe I moved the critical files from the old Samba PDC. I repeated the steps a couple of times today, and still not full success with the new machine as a PDC. Though I have seen 
an improvement: The Windows server is now able to be connected to as a member of the NT4 Samba domain.

High level steps I used as follows:

Stop old server smbd / nmbd services.

As root, make a tar.bz of all files/dirs within /var/lib/samba/
One as well for /etc/samba/

I moved over the entries in files /etc/passwd /etc/shadow /etc/group

IPL the new machine.

I have validated that the server's SID did successfully transplant via net getlocalsid

However group mapping between Linux server groups and local Windows user groups is not transferring to the new PDC. Logging on to Windows with a domain account, if I issue net user userid /domain then 
the only group displayed the domain ID is a member of is the normal users group. I do not see the Power User / Administrator group permissions present when logging into the new PDC server.

Patch back to the old PDC, and everything just plain works.

Any thoughts on what I might be neglecting to migrate to the new server that contains the critical missing gap?

I am thankful,

Michael Lueck
Lueck Data Systems

More information about the samba mailing list