[Samba] Renaming a computer on a Samba domain

Gary Dale garydale at rogers.com
Tue Jan 12 19:44:20 MST 2010


It's not a Samba issue. It's a Windows issue. Windows associates the 
account name with a particular SID, whether it's a machine or a user 
account. You can't just change the name like you can in Unix.

Now I admit I haven't worked on Windows Servers newer than W2K but the 
NT domain stuff hasn't changed. The only way to change an account name 
for a SID is to remove it first then re-add it under the new name. With 
Samba and machine accounts this can be done by dropping the machine 
account from the database then changing the machine name on the local 
machine while adding it back into the Domain.

Again however, if you are re-assigning machines without re-imaging them, 
you've got a security problem to deal with. I'm not saying you have to 
do a DoD-type erase, but at least don't leave files around that can be 
easily undeleted. Re-imaging has been around for more than a decade. 
It's not that hard to do. And it takes care of your issues with changing 
the name - just give the re-imaged machine its new name. The only 
downside (the last time I checked anyway) is you need a commercial 
package like Ghost to give each image a unique SID.


Jason Somers wrote:
> I guess I am just missing the point here. I am not in the position to 
> change policy. I must work with what I have inside of standard 
> operating procedures.
>
> Why is it such a big deal to change the computer name while connected 
> to the domain? This seems like such a simple thing (that you can do on 
> ALL Windows domains), and yet it does not seem like it can be done on 
> Samba...
>
> -Jason
>
>
> Gaiseric Vandal wrote:
>> On 01/12/10 15:54, Walter Mautner wrote:
>>> On Tuesday, 12 January 2010 20:24:25, Jason Somers wrote:
>>>  
>>>> Clients are NFP, and have about 100 workstations. Once or twice a year,
>>>> they get grants for upwards of 10 new systems. These systems get
>>>> distributed to those with the most need, and in turn, their systems get
>>>> passed to whomever has computers less powerful than those.  System names
>>>> reflect different departments and subdepartments, so if you move a
>>>> computer anywhere, its name must change.
>>>>
>>>> Make sense?
>>>>
>>>>      
>>> Changing policy makes even more sense. Like here, our main office is getting
>>> crowded while one or the other branch office dies due to financial cuts.
>>> That makes for a lot of internal moves.
>>> While we had our client computers named that way as well, a while ago,
>>> we soon faced the nightmare (it's not only the samba/ldap, but other servers
>>> like the av management server, policy-driven services and whatever) of having
>>> to change a lot of data and database entries on every move.
>>> Now, we just number the boxen (try to change to numbers representing the
>>> SAP-generated 6-digit asset ids) and keep the location and similar info in a
>>> single asset database.
>>>    
>>
>>
>> We use LDAP for a backend.   At some point when we switched from TDB 
>> to LDAP not all the machine info imported properly.   But I was able 
>> to use "smbpasswd -w" to dump out sambaSID's to copy and paste into 
>> LDAP.
>>
>> So if your backend was ldap you could probably change the machine 
>> name in LDAP as well as on the machine.   Or possibly create a new 
>> LDAP entry and cut and paste the LDAP sambaSID.  This would probably 
>> be a huge pain with a TDB backend.
>>
>> One place I worked we used only Dells, which had nice short service 
>> tags, which doubled as their machine names.
>>
>>
>


