samba - Apr 2013 - Moving a computer from a down domain to a new domain

I had been running a samba server, the AMAHI F12 distro, that has samba 
3.4.9.  It ran well enough, but I was planning on replacing it with 
ClearOS.  Well monday night I lost my server harddrive, so now it is 
crunch time to update/upgrade.

I think I have ClearOS configured properly, it is running samba 3.6.10 
(Redhat 6.4 based).  So far I have tried to add two of my XP systems to 
the new domain.  The process I have been using (and what I did 4 years 
ago when I moved them from a REAL NT domain to the samba domain) was to 
first login locally as administrator and using System Properties > 
Computer Name >Domain Change to move the computer to a workgroup called 
SELF.  I then reboot and use the same dialog to join the new domain, 
HOME.  The old domain was HDA, but a prior domain was also HOME.  This 
fails and in the samba logs I see:

[2013/04/11 20:22:29.563127,  0] auth/check_samsec.c:491(check_sam_security)
   check_sam_security: make_server_info_sam() failed with 
'NT_STATUS_UNSUCCESSFUL'
[2013/04/11 20:26:01.504397,  1] auth/server_info.c:386(samu_to_SamInfo3)
   The primary group domain 
sid(S-1-5-21-3360932306-3333476405-2840157550-513) does not match the 
domain sid(S-1-5-21-4240919292-2417995422-4236335894) for 
winadmin(S-1-5-21-4240919292-2417995422-4236335894-302)
[2013/04/11 20:26:01.504589,  0] auth/check_samsec.c:491(check_sam_security)
   check_sam_security: make_server_info_sam() failed with 
'NT_STATUS_UNSUCCESSFUL'
[2013/04/11 20:26:44.676638,  1] auth/server_info.c:386(samu_to_SamInfo3)
   The primary group domain 
sid(S-1-5-21-3360932306-3333476405-2840157550-513) does not match the 
domain sid(S-1-5-21-4240919292-2417995422-4236335894) for 
rgm(S-1-5-21-4240919292-2417995422-4236335894-1000)
[2013/04/11 20:26:44.676804,  0] auth/check_samsec.c:491(check_sam_security)
   check_sam_security: make_server_info_sam() failed with 
'NT_STATUS_UNSUCCESSFUL'

rgm is a user on the system that has admin priv, and a user on the samba 
server that is in the domain_admin group.

What is with the SID problem?  How do I clean this up?

OK, this is a SID problem.  I built an new XP system, installed SP3 then 
tried to use the wizard to connect to the domain:

cat homebase-dectop1
[2013/04/12 16:21:44.899424,  1] auth/server_info.c:386(samu_to_SamInfo3)
   The primary group domain 
sid(S-1-5-21-3360932306-3333476405-2840157550-513) does not match the 
domain sid(S-1-5-21-4240919292-2417995422-4236335894) for 
rgm(S-1-5-21-4240919292-2417995422-4236335894-1000)
[2013/04/12 16:21:44.899608,  0] auth/check_samsec.c:491(check_sam_security)
   check_sam_security: make_server_info_sam() failed with 
'NT_STATUS_UNSUCCESSFUL'
[root at homebase samba]# cat homebase-dectop1
[2013/04/12 16:21:44.899424,  1] auth/server_info.c:386(samu_to_SamInfo3)
   The primary group domain 
sid(S-1-5-21-3360932306-3333476405-2840157550-513) does not match the 
domain sid(S-1-5-21-4240919292-2417995422-4236335894) for 
rgm(S-1-5-21-4240919292-2417995422-4236335894-1000)
[2013/04/12 16:21:44.899608,  0] auth/check_samsec.c:491(check_sam_security)
   check_sam_security: make_server_info_sam() failed with 
'NT_STATUS_UNSUCCESSFUL'
[2013/04/12 16:23:30.110032,  1] auth/server_info.c:386(samu_to_SamInfo3)
   The primary group domain 
sid(S-1-5-21-3360932306-3333476405-2840157550-513) does not match the 
domain sid(S-1-5-21-4240919292-2417995422-4236335894) for 
winadmin(S-1-5-21-4240919292-2417995422-4236335894-302)
[2013/04/12 16:23:30.110200,  0] auth/check_samsec.c:491(check_sam_security)
   check_sam_security: make_server_info_sam() failed with 
'NT_STATUS_UNSUCCESSFUL'

How do you figure out a SID problem and fix it?  This was a clean Samba 
install.


On 04/11/2013 08:39 PM, Robert Moskowitz wrote:
> I had been running a samba server, the AMAHI F12 distro, that has 
> samba 3.4.9.  It ran well enough, but I was planning on replacing it 
> with ClearOS.  Well monday night I lost my server harddrive, so now it 
> is crunch time to update/upgrade.
>
> I think I have ClearOS configured properly, it is running samba 3.6.10 
> (Redhat 6.4 based).  So far I have tried to add two of my XP systems 
> to the new domain.  The process I have been using (and what I did 4 
> years ago when I moved them from a REAL NT domain to the samba domain) 
> was to first login locally as administrator and using System 
> Properties > Computer Name >Domain Change to move the computer to a 
> workgroup called SELF.  I then reboot and use the same dialog to join 
> the new domain, HOME.  The old domain was HDA, but a prior domain was 
> also HOME.  This fails and in the samba logs I see:
>
> [2013/04/11 20:22:29.563127,  0] 
> auth/check_samsec.c:491(check_sam_security)
>   check_sam_security: make_server_info_sam() failed with 
> 'NT_STATUS_UNSUCCESSFUL'
> [2013/04/11 20:26:01.504397,  1] auth/server_info.c:386(samu_to_SamInfo3)
>   The primary group domain 
> sid(S-1-5-21-3360932306-3333476405-2840157550-513) does not match the 
> domain sid(S-1-5-21-4240919292-2417995422-4236335894) for 
> winadmin(S-1-5-21-4240919292-2417995422-4236335894-302)
> [2013/04/11 20:26:01.504589,  0] 
> auth/check_samsec.c:491(check_sam_security)
>   check_sam_security: make_server_info_sam() failed with 
> 'NT_STATUS_UNSUCCESSFUL'
> [2013/04/11 20:26:44.676638,  1] auth/server_info.c:386(samu_to_SamInfo3)
>   The primary group domain 
> sid(S-1-5-21-3360932306-3333476405-2840157550-513) does not match the 
> domain sid(S-1-5-21-4240919292-2417995422-4236335894) for 
> rgm(S-1-5-21-4240919292-2417995422-4236335894-1000)
> [2013/04/11 20:26:44.676804,  0] 
> auth/check_samsec.c:491(check_sam_security)
>   check_sam_security: make_server_info_sam() failed with 
> 'NT_STATUS_UNSUCCESSFUL'
>
> rgm is a user on the system that has admin priv, and a user on the 
> samba server that is in the domain_admin group.
>
> What is with the SID problem?  How do I clean this up?
>
>