[Samba] Re: Renamed PDC, now user profiles don't work

Anthony Chavez acc at anthonychavez.org
Tue May 4 16:24:05 GMT 2004


On Tue, 04 May 2004 13:58:25 +1000 Andrew Bartlett <abartlet at samba.org> wrote:
> On Tue, 2004-05-04 at 11:46, Anthony Chavez wrote:
>> On Mon, 03 May 2004 19:19:41 -0600 Anthony Chavez <acc at anthonychavez.org> wrote:
>> > I just changed the NetBIOS name of my PDC (*not* the name of the domain)
>> > and now the security properties of the domain user profile on my
>> > Win2kSP4 workstation shows "S-1-5-21-..." as the user rather than the
>> > username.
>> 
>> It turned out that this particular machine had a very shaky network
>> connection.  Please disregard my post. ;-)
>
> However, as a warning to others - this can happen.  There was an issue
> (and it still happens for domain members, for their 'local' users) where
> if you rename a Samba machine, it can regenerate the local SAM sid.  On
> a PDC, this is also the domain SID.

After I had replaced the cable, I discovered that the problem was that
the user was assigned a new SID after all.  Fortunately, the affected
user stated that trashing the local profile was an option, so I just
deleted the local copy and had the workstation snarf a fresh one off the
server.

A few questions, however:

1) Is a patch for this issue desirable?  Do we *want* users to retain
   their SIDs after a machine gets a new name?  My initial response
   would be "yes," but I don't consider myself a M$ administration guru.

2a) What would be the "proper" procedure to follow in renaming a PDC?

2b) During a discussion on IRC, it was suggested (after I had already
    mucked about a bit and brought about the error in the first place)
    that I configure my new server name in the NetBIOS name parameter
    and my old one in the NetBIOS alias parameter.  I wasn't told that
    this would actually fix the problem, but I was given the impression
    that if I were to do that first, then disjoin and rejoin my
    workstations to the domain, it might.  Would it?

3) When I've got multiple workstations involved, one of my biggest
   concerns is that any changes that happen to the local profile during
   the name change get propagated to the server.  Is this going to have
   to be done by hand if the SIDs change and the workstation doesn't
   reassociate the server UID with the new SID?

P.S.: I know what an SID is.  No, really. ;-)

P.P.S.: Sorry for not mentioning this in my first post (I'm usually
really good about doing so), but FWIW, I'm running 2.2.8a on FreeBSD
4.9-STABLE.  I also apologize for not posting my smb.conf---I usually do
that as well.  I was in a bit of a hurry at the time.

-- 
Anthony Chavez                             http://www.anthonychavez.org/
mailto:acc at anthonychavez.org                jabber:acc at anthonychavez.org