I thought I had this working when I tested it a few months ago with a different test server, but I?ve tried everything from my previous notes, and can?t get it to work now. I?m replacing a Samba 3.0.10 Unix server with a SerNet Samba 4.1.2 Debian Wheezy server. The new server has to look exactly the same to the existing workstations. The workstations are all running Windows XP Pro. I?ve set up the new server, and on a separate test network configured it so that it has the same IP address, name and domain etc as the old server. I set SAMBA_START_MODE ?classic? in /etc/default/sernet-samba. My smb.conf seems fine. On the server I?ve created unix users, groups and machines with the same passwords, UIDs and GIDs as on the old server, and added users and machines to the relevant groups. I?ve created samba passwords for the users and machines. The server has the same local and domain SIDs as the existing server. I?ve mapped NT groups to Unix groups: net groupmap add rid=512 unixgroup=d-admin ntgroup=?Domain Admins? net groupmap add rid=513 unixgroup=d-user ntgroup=?Domain Users? net groupmap add rid=514 unixgroup=nobody ntgroup=?Domain Guests? net groupmap add rid=515 unixgroup=xp-name ntgroup=?Domain Computers? On my test PC which had been logging in to the existing server, I checked the user SID, and also ran ?pdbedit ?L ?v? on the existing server to verify. I issued the following command to set the user SIDs to be the same on the new server: pdbedit ?r ?U 1252 ?u carol pdbedit ?r ?U 1396 ?u xppc072$ pdbedit ?L ?v ?u xppc072$ returns the same on both servers. However, when I try to login from the test PC to the new server, the Samba log file for the machine says ?netlogon_creds_server_check failed. Reject auth request from client XPPC072 machine account XPPC072$?. On another test machine I was able to login after taking the machine off the domain (setting it to a workgroup) then adding it back to the domain. However, the system has more than 60 computers, and in the past I?ve found that dabbling with a PC's domain membership can muck up a user?s local profile, needing quite a bit of work to resolve. I can?t risk this sort of thing when switching to the new server. I had a look at the Microsoft XP Support Tool called netdom.exe thinking that might let me more easily reregister a computer on the domain if that might be required, but I can?t get it to work. I?ve also seen a product called ForensIT User Profile Wizard, but I?m not sure if that would be of use in this situation. In any event, I?d prefer to get the new server configured so that no intervention is needed on any of the workstations. I?d appreciate some help with this. I?m (hopefully) probably missing something obvious!