Rob,
Please read the Samba-HOWTO-Collection.pdf chapters on Policies and
Profile Management.
Windows NT/2Kx/XP stores the domain and/or machine SID in the profile.
There are two ways to solve the problem you have:
1) Change the SID of your Samba-3 installation to match that of the old
server. You need to extract that Domain SID using the smbpasswd tool (if
your old system was running Samba-2.x, or is running NT4/2Kx). You can
update the SID of your Samba-3 installation using the "net" utility.
_OR_
2) Change the SIDs stored in the profiles. The tool to use is called
"profiles".
Cheers,
John T.
On Fri, 7 Nov 2003, Rob Fulton wrote:
> Not strictly a Samba question but hopefully someone has a solution. We run
> samba as a pdc for an office network of 2000/XP machines, the machines is
> old and dying, I have installed samba 3 on a new server and given this a
> different domain name.
>
> I can join machines to the new domain no problem, I can create new samba
users and log in with them on the machines, the
> problem is when I try to migrate users off the old domain to the new
> domain. I create the new account on the new domain and then copy their
> profile from their windows machine onto the new controller.
>
> The profile I copy across will not work for the user correctly unless I add
the user to
> the local Admin group on their machines, the user is unable to customise
> their desktop and any customisations that were in their profile are not
> activated, ther start bar is locked and unable to be unlocked and no
> history is saved between logouts. I have looked at policy stuff but
it's
> not obvious why migrating the profile, and specifically ntuser.dat, causes
> the profile to break and require admin rights.
>
> If anyone has any suggestions as to how to fix this or a better way of
> migrating from one server to the next please let me know
>
> Cheers
>
> Rob Fulton
>
>
--
John H Terpstra
Email: jht@samba.org