David Mathog
2006-Sep-12 19:00 UTC
[Samba] netlogon initially fails after moving samba server to new machine.
Yesterday I migrated a Samba server from one machine running Samba 3.0.13 (on Mandrake 10.0) to another running 3.0.20-3 (on Mandriva 2006). The contents of:

  /etc/samba/* (all the .conf files)
  /usr/local/samba/private/* (secrets.pdb, smbpasswd)

were moved intact from one machine to the other, as was all of the user data. I even checked md5sums - no changes to any of the samba files. Then the new machine was given the old machine's IP address and vice versa. Reboot both machines, start Samba on the new one, leave it off on the original server. The firewall configuration is identical on the two machines.

Verified that windows explorer (run as administrator on a test machine) can mount any user (domain\username) without a problem. One would think that the XP clients could then logon to the domain, which moved intact to the new machine. But no. Attempts to login to the domain failed until the following steps were taken on one client:

1. login as administrator on the client.
2. remove the client machine from the domain.
3. reboot the client machine.
4. smbpasswd -m -x clientname
5. smbpasswd -m -a clientname
6. login as administrator on the client.
7. add the client to the domain.
8. reboot the client.

After that I could login on that client, but logins on the other clients say this:

  Windows did not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrator's group must be the owner of the folder. Contact your network administrator.

(Whether or not a local profile actually exists.) I'm guessing that this too will go away once the second machine is removed/added to the domain. Testing... Yes, that's true.

This is all very strange to me. The only thing that the client can see that differs between yesterday and today, near as I can tell, is the MAC of the server. They are all on the same subnet, so the client can see the MAC. Else, how does the XP client realize the server has changed and fail to logon?

This is only a minor PITA for me, since there are only 8 clients involved. It would be really painful though for a site with hundreds of clients.

Thanks,

David Mathog
mathog@caltech.edu
Manager, Sequence Analysis Facility, Biology Division, Caltech
David Mathog
2006-Sep-12 19:38 UTC
[Samba] Re: netlogon initially fails after moving samba server to new machine.
Gémes Géza wrote:
> The most probably cause of this is, that you have different domain SIDs
> on the old and the new machine. Try to find it out with net getlocalsid
> and compare the results. If they are different you need to reset the new
> servers version to the olds with net setlocalsid SID.

Hmm, good shot, they are different. Where is this stored? I copied over all the configuration files that I could find and still ended up with different SID values.

Thanks,

David Mathog
mathog@caltech.edu
Manager, Sequence Analysis Facility, Biology Division, Caltech
David Mathog
2006-Sep-12 20:12 UTC
[Samba] Re: netlogon initially fails after moving samba server to new machine.
> > If they are different you need to reset the new
> > servers version to the olds with net setlocalsid SID.
>
> Where is this stored?

I found the problem, there were

  /etc/samba/secrets.tdb
  /usr/local/samba/private/secrets.tdb

but only the latter had been copied from the previous system. I'll slink away quietly now.

Thanks for your help,

David Mathog
mathog@caltech.edu
Manager, Sequence Analysis Facility, Biology Division, Caltech
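
A pre-cutover check for the failure this thread ends on, as an added example that is not part of the original posts: it finds every secrets.tdb under two server trees and compares them byte for byte. The function names and the OLD_ROOT/NEW_ROOT directory-tree arguments are assumptions for illustration, and the demo files are constructed.

```sh
#!/bin/sh
# Added example. OLD_ROOT and NEW_ROOT are assumed to be directory trees
# holding each server's files (a mount, or a copy taken before the swap).

# Print every secrets.tdb under ROOT as a sorted path relative to ROOT.
list_secrets() {
    ( cd "$1" && find . -type f -name secrets.tdb | sort )
}

# compare_secrets OLD_ROOT NEW_ROOT
# One line per file: OK, MISSING (not on new), DIFFERS (content changed,
# e.g. regenerated with a new SID) or EXTRA (only on new).
# Returns 1 if anything other than OK was reported.
compare_secrets() {
    old=$1; new=$2
    report=$(
        list_secrets "$old" | while IFS= read -r rel; do
            if [ ! -f "$new/$rel" ]; then
                echo "MISSING $rel"
            elif ! cmp -s "$old/$rel" "$new/$rel"; then
                echo "DIFFERS $rel"
            else
                echo "OK $rel"
            fi
        done
        list_secrets "$new" | while IFS= read -r rel; do
            [ -f "$old/$rel" ] || echo "EXTRA $rel"
        done
    )
    [ -z "$report" ] || printf '%s\n' "$report"
    printf '%s\n' "$report" | grep -Eq '^(MISSING|DIFFERS|EXTRA) ' && return 1
    return 0
}

# Constructed demo mirroring the thread: two secrets.tdb on the old server,
# only the /usr/local/samba/private one carried over unchanged.
demo() {
    t=$(mktemp -d)
    for r in old new; do
        mkdir -p "$t/$r/etc/samba" "$t/$r/usr/local/samba/private"
    done
    echo "constructed old SID data" > "$t/old/etc/samba/secrets.tdb"
    echo "constructed new SID data" > "$t/new/etc/samba/secrets.tdb"
    echo "constructed shared data" > "$t/old/usr/local/samba/private/secrets.tdb"
    cp "$t/old/usr/local/samba/private/secrets.tdb" "$t/new/usr/local/samba/private/"
    compare_secrets "$t/old" "$t/new"; rc=$?
    rm -rf "$t"
    return "$rc"
}
demo || true
```

Any line other than OK means the new server is not using the same secrets database as the old one, which is worth resolving before clients are asked to log on.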