Is there a way to generate SECRETS/SID/<DOMAIN> without smbpasswd
-j <DOMAIN> -r <PDC>?
boehm at nortelnetworks.com
Tue Apr 15 14:20:43 GMT 2003
I experienced some problems when upgrading to 2.2.8 (now 2.2.8a) from
The Samba server with a member of the domain. Samba 2.2.8 merged
<DOMAIN>.<HOSTNAME>.mac and MACHINE.SID into secrets.tdb. However, I
was getting error messages that it was no longer able to change the
[2003/04/01 12:35:12, 0, pid=28443] rpc_client/cli_trust.c:(46)
domain_client_validate: unable to fetch domain sid.
[2003/04/01 12:35:12, 0, pid=28443] rpc_client/cli_trust.c:(247)
2003/04/01 12:35:12 : change_trust_account_password: Failed to change password for domain AMERICASE.
I did some more digging by putting some debug statements in
passdb/secrets.c and tdb/tdb.c. I found that the samba was looking for
a key in secrets.tdb SECRETS/SID/<DOMAIN>.
I found that if I refreshed the machine account and rejoined the
domain, it would create this key.
Is there a way to generate this key without rejoining the domain
Or, to put it another way, why isn't this key generated when
2.2.8a reads the old 2.0.7 files?
One final observation. When I rejoined the domain, I noticed that
there was no longer a SECRETS/SID/<HOSTNAME> key. Why is this key
generated from the old 2.0.7 files if rejoining the domain leaves it
Eric M. Boehm /"\ ASCII Ribbon Campaign
boehm at nortelnetworks.com \ / No HTML or RTF in mail
X No proprietary word-processing
Respect Open Standards / \ files in mail
More information about the samba-technical