0

I am migrating a old Samba 3 Primary Domain Controller to a new Samba 4 server, creating a new domain and new users. My Windows 7 test client can correctly join the domain and new users can logon on it. So everything OK.

Now I have to migrate old users' roaming profiles from the old server to the new one, mapping the changes on usernames where it is necessary.

Basically I am following this procedure to migrate profiles:

  • make a copy of the [username].V2 profile from the old server to the new [username].V2 on the new server
  • change ACL on files and directories on the profile using setfacl
  • log the new user on the test client

What I get is that the new user can logon on the test client, and I see in the Samba logs that the client is copying the profile from \server\profiles[username].V2, but after few minutes it automatically log off and the client return to CTRL+ALT+CANC window.

I googled for this problem and I got many hints about a client being attacked by spywares, malwares and so on, but this is not my case as the test client is newly installed.

I cannot find any particular error into the Samba logs.

Other users where I created a new profile from scratch (so I did not migrate an old profile on) can logon correctly without any problem, so the problem should be in the way I migrated the Windows profile.

Do you have any idea? Thanks!

Mat
  • 1,873
  • 7
  • 25
  • 41

1 Answers1

0

The NTUSER.DAT in your User's profile contains the SID for that user. If you need to migrate the profiles you'll need a special tool for that.

Maybe the Microsoft User State Migration Tool (USMT) vom AIK can do this.

Esa Jokinen
  • 46,944
  • 3
  • 83
  • 129
Andreas Rogge
  • 2,853
  • 11
  • 24
  • Samba has [`profiles`](https://www.samba.org/samba/docs/man/manpages/profiles.1.html) — _A utility to report and change SIDs in registry files._ Does that work for changing the SID? As Microsoft states, "USMT is intended for administrators who are performing large-scale automated deployments." If you can achieve this with `profiles -c oldsid -n newsid NTUSER.DAT`, USMT might be an overkill. – Esa Jokinen May 09 '17 at 19:05
  • Thanks @EsaJokinen! I read the profiles man, but what about the phrase "It currently only supports NT"? What does it mean? – Mat May 09 '17 at 19:43
  • The "NT" in this context isn't clearly explained anywhere. It could be a relic from Windows 9x/ME times as all Windows ever since has used the one and only NT kernel. On the other hand, it could refer to the operational level of Samba 3 and below. I think you should backup one profile and test whether it works on Samba 4 migration or not. – Esa Jokinen May 09 '17 at 20:02
  • I tested it on a profile, but I receive the "PANIC: Bad talloc magic value - unknown value - Aborted (core dumped)" error. Do you have any hints? – Mat May 15 '17 at 15:05