Marc Muehlfeld
2014-Dec-08 22:01 UTC
[Samba] How to copy roaming profiles to new server ? ("Group policy client service failed. The logon access is denied")
Am 08.12.2014 um 22:55 schrieb Rowland Penny:> Hi, It sounds very much like a SID problem to me. > > the user 'Fred' with the SID-RID > 'S-1-5-21-4036476082-4153129556-3089177936-1005' is **NOT** the same > user as 'Fred' with the SID-RID > 'S-1-5-21-2025076216-3455336656-3842161122-1005' > > You need to change the domain SID on the new PDC to match the SID on the > windows machines.Denis, is this a _new domain_ (with the same name)? Or just a _new server_ where you placed the profiles. If it's a _new domain_, then Rowland is surely right and it is an SID problem. But you talked about a _new server_. Please be more clear about your environment. Regards, Marc
Rowland Penny
2014-Dec-08 22:06 UTC
[Samba] How to copy roaming profiles to new server ? ("Group policy client service failed. The logon access is denied")
On 08/12/14 22:01, Marc Muehlfeld wrote:> Am 08.12.2014 um 22:55 schrieb Rowland Penny: >> Hi, It sounds very much like a SID problem to me. >> >> the user 'Fred' with the SID-RID >> 'S-1-5-21-4036476082-4153129556-3089177936-1005' is **NOT** the same >> user as 'Fred' with the SID-RID >> 'S-1-5-21-2025076216-3455336656-3842161122-1005' >> >> You need to change the domain SID on the new PDC to match the SID on the >> windows machines. > > Denis, is this a _new domain_ (with the same name)? Or just a _new > server_ where you placed the profiles. If it's a _new domain_, then > Rowland is surely right and it is an SID problem. But you talked about a > _new server_. Please be more clear about your environment. > > > Regards, > Marc >Hi Marc, I read it that he has just set Samba4 up as a replacement for an S3 'classic' NT4 PDC, if he has upgraded to AD without using samba-tool, then I think he has a big problem, but as you said, more info required. Rowland
Denis BUCHER
2014-Dec-09 11:22 UTC
[Samba] How to copy roaming profiles to new server ? ("Group policy client service failed. The logon access is denied")
Dear Marc, Dear Rowland, Le 08.12.2014 23:01, Marc Muehlfeld a ?crit :> Am 08.12.2014 um 22:55 schrieb Rowland Penny: > >> Hi, It sounds very much like a SID problem to me. the user 'Fred' with the SID-RID 'S-1-5-21-4036476082-4153129556-3089177936-1005' is **NOT** the same user as 'Fred' with the SID-RID 'S-1-5-21-2025076216-3455336656-3842161122-1005' You need to change the domain SID on the new PDC to match the SID on the windows machines. > > Denis, is this a _new domain_ (with the same name)? Or just a _new > server_ where you placed the profiles. If it's a _new domain_, then > Rowland is surely right and it is an SID problem. But you talked about a > _new server_. Please be more clear about your environment. > Regards, > MarcYes, you're right, I must clarify a little more on this point: You were right, what we *WANT* to do is simply to replace the old PDC under Samba 3 by the new PDC under Samba 4. (Simply a new server). But what we *DID*, is in fact to configure a _new domain_ with the same name. Therefore, I agree that it the problem is SID related, and if I understand you correctly, this is the wrong way to do it! We should instead configure a new server with same domain, right? Thank you very much for your appreciated help, Best regards, Denis
Rowland Penny
2014-Dec-09 11:41 UTC
[Samba] How to copy roaming profiles to new server ? ("Group policy client service failed. The logon access is denied")
On 09/12/14 11:22, Denis BUCHER wrote:> > > Dear Marc, Dear Rowland, > > Le 08.12.2014 23:01, Marc Muehlfeld a ?crit : > >> Am 08.12.2014 um 22:55 schrieb Rowland Penny: >> >>> Hi, It sounds very much like a SID problem to me. the user 'Fred' with the SID-RID 'S-1-5-21-4036476082-4153129556-3089177936-1005' is **NOT** the same user as 'Fred' with the SID-RID 'S-1-5-21-2025076216-3455336656-3842161122-1005' You need to change the domain SID on the new PDC to match the SID on the windows machines. >> Denis, is this a _new domain_ (with the same name)? Or just a _new >> server_ where you placed the profiles. If it's a _new domain_, then >> Rowland is surely right and it is an SID problem. But you talked about a >> _new server_. Please be more clear about your environment. >> Regards, >> Marc > Yes, you're right, I must clarify a little more on this point: > > You were right, what we *WANT* to do is simply to replace the old PDC > under Samba 3 by the new PDC under Samba 4. (Simply a new server). But > what we *DID*, is in fact to configure a _new domain_ with the same > name. > > Therefore, I agree that it the problem is SID related, and if I > understand you correctly, this is the wrong way to do it! We should > instead configure a new server with same domain, right? > > Thank you very much for your appreciated help, > > Best regards, > > Denis >OK, If you just want to have a new replacement PDC, you need to: A) Install your OS of choice B) Install samba4 C) Get the Domain SID from your old PDC D) Use your old smb.conf as a template for your new one, checking that all the old lines are still valid, refer to 'man smb.conf'. If you have a 'socket options' line in your old conf file, remove it!, you are likely to be making things worse. E) run 'net setdomainsid <SID YOU GOT EARLIER>' F) start smbd,nmbd & winbind If it is possible, use the same ipaddress & hostname of the old server for the new server. Rowland
Possibly Parallel Threads
- How to copy roaming profiles to new server ? ("Group policy client service failed. The logon access is denied")
- How to copy roaming profiles to new server ? ("Group policy client service failed. The logon access is denied")
- How to copy roaming profiles to new server ? ("Group policy client service failed. The logon access is denied")
- How to copy roaming profiles to new server ? ("Group policy client service failed. The logon access is denied")
- How to copy roaming profiles to new server ? ("Group policy client service failed. The logon access is denied")