mismatched domain causes weird behaviour

Andrew Bartlett abartlet at samba.org
Wed Sep 24 23:08:44 GMT 2003


On Thu, 2003-09-25 at 06:40, Brad Langhorst wrote:
> Obviously the SID in the tdbs must match the SID in ldap for proper
> operation...
> 
> During my last upgrade I must have forgotten to restore the SID with net
> setlocalsid but domain logons, printing, etc. worked just fine.
> 
> I only detected the problem when adding a new machine failed with
> cryptic messages in the log about not finding the computer in the ldap
> store.  
> 
> I finally figured it out after much gnashing of teeth.
> 
> Perhaps it would make sense to put in some kind of check that these SIDs
> are the same...

There is...  I added that code to pdb_ldap.  What's not functioning
about it?

> or better yet just use one to populate the other...
> or even better still just have the SID in one place so this can't
> happen.

That part is difficult, as not all the places that need it should really
need to poke at LDAP etc.  (But I had considered that as a design, for
this very good reason).

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
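
Added example, not part of the original thread and not the check in pdb_ldap: a shell sketch that compares the SID reported by `net getlocalsid` with the one stored in LDAP. It assumes the directory uses the Samba 3 schema names `sambaDomain`, `sambaDomainName` and `sambaSID` (not named in the thread), and that the local SID is the one meant to match; the sample data is constructed.

```shell
#!/bin/sh
# Added example (not Samba code). Feed it the captured output of:
#   net getlocalsid
#   ldapsearch -x -LLL -b <base> '(objectClass=sambaDomain)' sambaDomainName sambaSID
# sambaDomain / sambaSID are assumed from the Samba 3 LDAP schema; not named on the page.

# Print the SID from `net getlocalsid` output ("SID for domain X is: S-1-...").
sid_from_net() {
    printf '%s\n' "$1" | sed -n 's/^SID for domain .* is: *\(S-1-[0-9-]*\) *$/\1/p' | head -n 1
}

# Print the sambaSID of the sambaDomain entry named $2 found in LDIF text $1.
sid_from_ldif() {
    printf '%s\n\n' "$1" | awk -v want="$2" '
        /^sambaDomainName: / { name = substr($0, 18) }
        /^sambaSID: /        { sid  = substr($0, 11) }
        /^$/ {
            if (tolower(name) == tolower(want) && sid != "") print sid
            name = ""; sid = ""
        }' | head -n 1
}

# $1 = net output, $2 = LDIF, $3 = domain name.
# Returns 0 on match, 1 on mismatch, 2 if either SID could not be read.
check_sid_match() {
    local_sid=$(sid_from_net "$1")
    ldap_sid=$(sid_from_ldif "$2" "$3")
    if [ -z "$local_sid" ] || [ -z "$ldap_sid" ]; then
        echo "UNKNOWN: local='$local_sid' ldap='$ldap_sid'" >&2
        return 2
    fi
    if [ "$local_sid" != "$ldap_sid" ]; then
        echo "MISMATCH: local $local_sid, LDAP $ldap_sid" >&2
        return 1
    fi
    echo "OK: $local_sid"
}

# Constructed sample data (not from a real system).
SAMPLE_NET='SID for domain FILESRV is: S-1-5-21-1111111111-2222222222-3333333333'
SAMPLE_LDIF='dn: sambaDomainName=EXAMPLE,dc=example,dc=org
sambaDomainName: EXAMPLE
sambaSID: S-1-5-21-4444444444-5555555555-6666666666'

check_sid_match "$SAMPLE_NET" "$SAMPLE_LDIF" EXAMPLE || echo "exit status $?"
```

Run after an upgrade or restore, a non-zero status flags the mismatch before it surfaces as a failed machine join.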


More information about the samba-technical mailing list