Adding a couple of simple functions to smbpasswd for Samba 2.2.8

Richard Sharpe rsharpe at
Thu Jan 30 18:12:22 GMT 2003


If a user changes the NetBIOS name of their Samba PDC, or the DNS name, 
when they have not set a NetBIOS name, their SID will change, and 
workstations that have joined the domain will not be able to log on.

This is because Samba uses the NetBIOS/DNS name to determine if it should 
generate a SID. There is a small discussion of this up on

Between Volker Lendeke and I, we have added support to Samba Head and 
3.0.0 that allows you to retrieve the old SID, which is still in the 
secrets.tdb file, and place the SID into the correct entry in the 
secrets.tdb if you ever get into that problem.

Now, I was thinking of doing something similar for Samba 2.2.8. This will 
involve modifying smbpasswd. For reasons of code simplicity, I have 
abandoned my earlier thoughs of using 'smbpasswd -L -S <dom>' to retrieve 
the old SID and something similar to set the SID.

Instead, I propose:

  smbpasswd -X <dom> 

to eXtract the old SID


  msbpasswd -W S-1-5-21-x-y-z

to Write the new SID as the domain SID for the current domain into the 
secrets.tdb file.

These are not a lot of coding, should not destabalize any existing code, 
and will save at least some people some pain.

Are there any comments?
Richard Sharpe, rsharpe[at], rsharpe[at], 

More information about the samba-technical mailing list