The network I'm adminning was until recently physically separated into two networks, each with a Samba 3 PDC/fileserver, a couple of WinXP Pro workstations, and about ten users. I used tdbsam as backend for both Samba servers.
Recently, the networks were physically joined. There were no problems with that, but as one of the servers was ripe for retirement I wanted to join the two domains into one, letting the other server do everything. Thus (here is where you start counting my mistakes) I copied /home and /var/lib/samba from the old server to a temporary directory on the new one, and got rid of the old server. On the new server, I exported the passdb of the old server to smbpasswd, edited it to avoid UID conflicts, created the new users, merged the edited smbpasswd file, untarred the home directories and chown:ed them. Then I created machine accounts for the workstations in the old domain, and joined them to the domain, and expected everything to work. It sort of did. The users of the old domain could log in with their old passwords, and access their home directories. However, there were problems with Word - on startup, it asks twice for the user's name and initials, and then complains about the assistant not being correctly installed, which does not happen for the users originally in the new domain. They can't access C:\Documents and settings\username, since the SID recorded in the ACL no longer points to a valid user. Thus directories called username.domainname are created instead. Further, some users have the same SID. I tried to change that using pdbedit -u username -U new-sid, but it complained about not finding the RID in the database. It worked when I did: tdbtool passdb.tdb insert RID_new-sid username\0 first. I have done this for one user, but it's not the magical solution I hoped it would be - in the ACL, the user still appears as OLDDOMAIN\username, and problems with Word persist. pdbedit -L -v shows the old domain name in the user record - is there any way to change that? All in all, I feel like starting over, wiping the users of the old domain from the database, recreate them one by one, and change the ownership of c:\Documents and settings\* on the workstations. But I can't see how I could do that without resetting their passwords, as pdbedit can't change the hashed passwords directly but requires the cleartext one. Is there another way to do that? Or is there a simpler solution to my problems? Finally, how would I have done this properly from the beginning? Magnus -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba