[Samba] Re: Renamed PDC, now user profiles don't work

Anthony Chavez acc at anthonychavez.org
Tue May 11 19:08:24 GMT 2004

Hash: SHA1

I don't mean to be a pest, but I felt that I should reiterate my
questions again because I feel that it is an issue that recurrs enough
to warrant inclusion in the HOWTO (or is it there and I'm just not
seeing it?).

And I'd like to re-emphasize that I'm offering to patch it. ;-)

On Tue, 04 May 2004 10:24:05 -0600 Anthony Chavez <acc at anthonychavez.org> wrote:
> On Tue, 04 May 2004 13:58:25 +1000 Andrew Bartlett <abartlet at samba.org> wrote:
>> On Tue, 2004-05-04 at 11:46, Anthony Chavez wrote:
>>> On Mon, 03 May 2004 19:19:41 -0600 Anthony Chavez <acc at anthonychavez.org> wrote:
>>> > I just changed the NetBIOS name of my PDC (*not* the name of the domain)
>>> > and now the security properties of the domain user profile on my
>>> > Win2kSP4 workstation shows "S-1-5-21-..." as the user rather than the
>>> > username.
>>> It turned out that this particular machine had a very shaky network
>>> connection.  Please disregard my post. ;-)
>> However, as a warning to others - this can happen.  There was an issue
>> (and it still happens for domain members, for their 'local' users) where
>> if you rename a Samba machine, it can regenerate the local SAM sid.  On
>> a PDC, this is also the domain SID.
> After I had replaced the cable, I discovered that the problem was that
> the user was assigned a new SID after all.  Fortunately, the affected
> user stated that trashing the local profile was an option, so I just
> deleted the local copy and had the workstation snarf a fresh one off the
> server.
> A few questions, however:
> 1) Is a patch for this issue desirable?  Do we *want* users to retain
>    their SIDs after a machine gets a new name?  My initial response
>    would be "yes," but I don't consider myself a M$ administration guru.
> 2a) What would be the "proper" procedure to follow in renaming a PDC?
> 2b) During a discussion on IRC, it was suggested (after I had already
>     mucked about a bit and brought about the error in the first place)
>     that I configure my new server name in the NetBIOS name parameter
>     and my old one in the NetBIOS alias parameter.  I wasn't told that
>     this would actually fix the problem, but I was given the impression
>     that if I were to do that first, then disjoin and rejoin my
>     workstations to the domain, it might.  Would it?
> 3) When I've got multiple workstations involved, one of my biggest
>    concerns is that any changes that happen to the local profile during
>    the name change get propagated to the server.  Is this going to have
>    to be done by hand if the SIDs change and the workstation doesn't
>    reassociate the server UID with the new SID?
> P.S.: I know what an SID is.  No, really. ;-)
> P.P.S.: Sorry for not mentioning this in my first post (I'm usually
> really good about doing so), but FWIW, I'm running 2.2.8a on FreeBSD
> 4.9-STABLE.  I also apologize for not posting my smb.conf---I usually do
> that as well.  I was in a bit of a hurry at the time.

- -- 
Anthony Chavez                             http://www.anthonychavez.org/
mailto:acc at anthonychavez.org                jabber:acc at anthonychavez.org
Version: GnuPG v1.2.4 (Darwin)


More information about the samba mailing list