samba4 migration problems

Marc Muehlfeld Marc.Muehlfeld at
Thu Apr 19 06:27:30 MDT 2012

Am 19.04.2012 14:06, schrieb Andrew Bartlett:
>> Also I saw lines like
>>   >  Skipping wellknown rid=149 (for username=vm-02$)
>>   >  ...
>>   >  Skipping wellknown rid=150 (for username=test_member$)
>> for my machine accounts. How can I check if everything was migrated?
> You have allocated SIDS with RID values from the 'well known' range (<
> 1000).  This is broken, and much be corrected before importing into
> Samba4, as these RIDs belong to special objects in Active Directory.

I just did a short search and through my production server. I have 132 entries 
in my LDAP, where the last part of the SID < 1000. It looks like just machine 
accounts are affected.

smbldap-tools create the machine-accounts when joining. The UID is always high 
like 2136, but the sambaSID that was choosen was 
For users it's calculated correct (UID * 2 + 1000)

> As long as your machines do not own files, changing the SID should be
> mostly harmless.

Don't I have to rejoin the machine to the domain if I change the SID? Can I 
just rename it in LDAP?


Marc Muehlfeld (IT-Leiter)
Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
Lochhamer Str. 29 - D-82152 Martinsried
Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-780

More information about the samba-technical mailing list