[Samba] Re: Renamed PDC, now user profiles don't work
Anthony Chavez
acc at anthonychavez.org
Tue May 11 19:08:24 GMT 2004
I don't mean to be a pest, but I felt that I should reiterate my
questions again because I feel that it is an issue that recurs enough
to warrant inclusion in the HOWTO (or is it there and I'm just not
seeing it?).
And I'd like to re-emphasize that I'm offering to patch it. ;-)
On Tue, 04 May 2004 10:24:05 -0600 Anthony Chavez <acc at anthonychavez.org> wrote:
> On Tue, 04 May 2004 13:58:25 +1000 Andrew Bartlett <abartlet at samba.org> wrote:
>> On Tue, 2004-05-04 at 11:46, Anthony Chavez wrote:
>>> On Mon, 03 May 2004 19:19:41 -0600 Anthony Chavez <acc at anthonychavez.org> wrote:
>>> > I just changed the NetBIOS name of my PDC (*not* the name of the domain)
>>> > and now the security properties of the domain user profile on my
>>> > Win2kSP4 workstation shows "S-1-5-21-..." as the user rather than the
>>> > username.
>>>
>>> It turned out that this particular machine had a very shaky network
>>> connection. Please disregard my post. ;-)
>>
>> However, as a warning to others - this can happen. There was an issue
>> (and it still happens for domain members, for their 'local' users) where
>> if you rename a Samba machine, it can regenerate the local SAM sid. On
>> a PDC, this is also the domain SID.
>
> After I had replaced the cable, I discovered that the problem was that
> the user was assigned a new SID after all. Fortunately, the affected
> user stated that trashing the local profile was an option, so I just
> deleted the local copy and had the workstation snarf a fresh one off the
> server.
>
> A few questions, however:
>
> 1) Is a patch for this issue desirable? Do we *want* users to retain
> their SIDs after a machine gets a new name? My initial response
> would be "yes," but I don't consider myself a M$ administration guru.
>
> 2a) What would be the "proper" procedure to follow in renaming a PDC?
>
> 2b) During a discussion on IRC, it was suggested (after I had already
> mucked about a bit and brought about the error in the first place)
> that I configure my new server name in the NetBIOS name parameter
> and my old one in the NetBIOS alias parameter. I wasn't told that
> this would actually fix the problem, but I was given the impression
> that if I were to do that first, then disjoin and rejoin my
> workstations to the domain, it might. Would it?
>
> 3) When I've got multiple workstations involved, one of my biggest
> concerns is that any changes that happen to the local profile during
> the name change get propagated to the server. Is this going to have
> to be done by hand if the SIDs change and the workstation doesn't
> reassociate the server UID with the new SID?
>
> P.S.: I know what an SID is. No, really. ;-)
>
> P.P.S.: Sorry for not mentioning this in my first post (I'm usually
> really good about doing so), but FWIW, I'm running 2.2.8a on FreeBSD
> 4.9-STABLE. I also apologize for not posting my smb.conf---I usually do
> that as well. I was in a bit of a hurry at the time.
--
Anthony Chavez http://www.anthonychavez.org/
mailto:acc at anthonychavez.org jabber:acc at anthonychavez.org