[Samba] Re: Renamed PDC, now user profiles don't work

Andrew Bartlett abartlet at samba.org
Tue May 4 03:58:25 GMT 2004

On Tue, 2004-05-04 at 11:46, Anthony Chavez wrote:
> Hash: SHA1
> On Mon, 03 May 2004 19:19:41 -0600 Anthony Chavez <acc at anthonychavez.org> wrote:
> > I just changed the NetBIOS name of my PDC (*not* the name of the domain)
> > and now the security properties of the domain user profile on my
> > Win2kSP4 workstation shows "S-1-5-21-..." as the user rather than the
> > username.
> It turned out that this particular machine had a very shaky network
> connection.  Please disregard my post. ;-)

However, as a warning to others - this can happen.  There was an issue
(and it still happens for domain members, for their 'local' users) where
if you rename a Samba machine, it can regenerate the local SAM sid.  On
a PDC, this is also the domain SID.

In current versions of Samba (3.0.1 or 3.0.2 I think) we make sure that
the 'domain' sid takes precedence, otherwise this really can happen, and
you need to get/set the domain sid.

net getlocalsid OLDNETBIOSNAME
net setlocalsid S-.....

should do the job, for 3.0.  It also happens in Samba 2.2, but we don't
have 'net' there, and it's harder to fix.  I think there are details in
the archives.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040504/31545eb7/attachment.bin

More information about the samba mailing list