[Samba] Re: Renamed PDC, now user profiles don't work
Andrew Bartlett
abartlet at samba.org
Tue May 4 03:58:25 GMT 2004
On Tue, 2004-05-04 at 11:46, Anthony Chavez wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Mon, 03 May 2004 19:19:41 -0600 Anthony Chavez <acc at anthonychavez.org> wrote:
> > I just changed the NetBIOS name of my PDC (*not* the name of the domain)
> > and now the security properties of the domain user profile on my
> > Win2kSP4 workstation shows "S-1-5-21-..." as the user rather than the
> > username.
>
> It turned out that this particular machine had a very shaky network
> connection. Please disregard my post. ;-)
However, as a warning to others - this can happen. There was an issue
(and it still happens for domain members, for their 'local' users) where
if you rename a Samba machine, it can regenerate the local SAM sid. On
a PDC, this is also the domain SID.
In current versions of Samba (3.0.1 or 3.0.2 I think) we make sure that
the 'domain' sid takes precedence, otherwise this really can happen, and
you need to get/set the domain sid.
net getlocalsid OLDNETBIOSNAME
net setlocalsid S-.....
should do the job, for 3.0. It also happens in Samba 2.2, but we don't
have 'net' there, and it's harder to fix. I think there are details in
the archives.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040504/31545eb7/attachment.bin
More information about the samba
mailing list