Mixed profiles w/Samba-PDC

Jeremy Allison jallison at whistle.com
Wed May 27 18:53:49 GMT 1998

Paul Ashton wrote:
> jallison at whistle.com said:
> > Indeed I'm going to remove the 'domain sid' parameter
> > before then (that'll break *everyone's* smb.conf files :-)
> NO! Don't do that. I was going to mention this earlier when
> you introduced it, but I didn't since you didn't remove the
> option to do it manually.
> Unix isn't NT. On Unix I like to have control over what
> happens. I don't like "management by broadcast" and "management
> by random number generation" which is half of what NT is all
> about. If I want to configure my DHCP server or my Samba PDC
> to allocate mappings that perhaps have a larger significance,
> I can do it. Why is 1-5-21-32423423-2342312-123213 better than
> 1-5-21-192-168-59 which happens to also indicate which subnet
> the PDC is for? (to give but one contrived example)

I agree with you about NT. Removing the domain sid parameter
from smb.conf won't stop you hand configuring the SID though.

The machine SID is now stored in the MACHINE.SID file in
*exactly* the same (ASCII) format it would be in the
smb.conf file (e.g. S-1-5-21-192-168-59 to use your example).

The reason I want to remove the parameter from the smb.conf
is that changing a machine SID is not something to be done
lightly, whilst you're editing a new share (for example), as
it would break many things.

Moving the SID into a separate file, whose existence you
have to know of and hand edit to do exactly what you want
fixes this problem. For the people who don't care (90%), 
the file is generated using random numbers, for the people 
who do, they can create it themselves - that's the power
of UNIX :-).


Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
