[Samba] Re: Renamed PDC, now user profiles don't work

Andrew Bartlett abartlet at samba.org
Tue May 4 03:58:25 GMT 2004


On Tue, 2004-05-04 at 11:46, Anthony Chavez wrote:
> On Mon, 03 May 2004 19:19:41 -0600 Anthony Chavez <acc at anthonychavez.org> wrote:
> > I just changed the NetBIOS name of my PDC (*not* the name of the domain)
> > and now the security properties of the domain user profile on my
> > Win2kSP4 workstation shows "S-1-5-21-..." as the user rather than the
> > username.
> 
> It turned out that this particular machine had a very shaky network
> connection.  Please disregard my post. ;-)

However, as a warning to others - this can happen.  There was an issue
(and it still happens for domain members, for their 'local' users) where
if you rename a Samba machine, it can regenerate the local SAM sid.  On
a PDC, this is also the domain SID.

In current versions of Samba (3.0.1 or 3.0.2 I think) we make sure that
the 'domain' sid takes precedence, otherwise this really can happen, and
you need to get/set the domain sid.

net getlocalsid OLDNETBIOSNAME
net setlocalsid S-.....

should do the job, for 3.0.  It also happens in Samba 2.2, but we don't
have 'net' there, and it's harder to fix.  I think there are details in
the archives.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
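
Added example, not part of the original message and not Samba project code: a shell wrapper around the two `net` commands quoted above that records the machine SID and, after a rename, restores it only if it has changed. The function names, the state-file argument, and the assumption that `net getlocalsid` prints the SID somewhere in its output are assumptions of this example.

```shell
#!/bin/sh
# Added example: keep a Samba 3.0 machine/domain SID stable across a NetBIOS rename.

# Pull the first machine/domain SID (S-1-5-21-a-b-c) out of text on stdin.
extract_sid() {
    grep -Eo 'S-1-5-21(-[0-9]+){3}' | head -n 1
}

# Succeed only if $1 is exactly one well-formed machine/domain SID.
valid_sid() {
    printf '%s\n' "$1" | grep -Eqx 'S-1-5-21(-[0-9]+){3}'
}

# Compare saved ($1) and current ($2) SIDs; print keep, restore or error.
sid_action() {
    saved=$1 current=$2
    valid_sid "$saved" || { echo error; return 1; }
    if [ "$saved" = "$current" ]; then echo keep; else echo restore; fi
}

# save_sid FILE [NETBIOSNAME]: record the SID (optionally the one stored
# under an old NetBIOS name) in a file readable only by its owner.
save_sid() {
    sid=$(net getlocalsid ${2:+"$2"} | extract_sid)
    valid_sid "$sid" || { echo "could not read a SID from net getlocalsid" >&2; return 1; }
    ( umask 077; printf '%s\n' "$sid" > "$1" )
}

# restore_sid FILE: after the rename, set the SID back only if it changed.
restore_sid() {
    saved=$(cat "$1") || return 1
    current=$(net getlocalsid | extract_sid)
    case $(sid_action "$saved" "$current") in
        keep)    echo "SID unchanged: $current" ;;
        restore) echo "SID is now '$current'; restoring $saved"
                 net setlocalsid "$saved" ;;
        *)       echo "saved SID is malformed; refusing to set it" >&2; return 1 ;;
    esac
}

# Dispatch: "script save FILE [OLDNETBIOSNAME]" or "script restore FILE".
case "${1:-}" in
    save)    save_sid "${2:?state file required}" "${3:-}" ;;
    restore) restore_sid "${2:?state file required}" ;;
esac
```

Run the restore step as root on the renamed Samba host before any workstation logs on again, so profile ACLs keep resolving to the same SID.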