[Samba] Domain SID issue

Samba List Unetix sambalist at unetix.nl
Tue Feb 8 18:37:56 GMT 2005


Hello

I have a client who historically had a machine name with an underscore
in it: samba_machine
I had to get rid of the underscore names and changed the name
to samba-machine. At the same time I upgraded to samba-3.0.11 to
get a printer queue problem resolved.
Now it seems the Domain SID has changed, so I changed the new SID
back to the old one with net setlocalsid, because on all machines I had
problems with logging in as domain Administrator (which was added as a local
administrator, but with the old SID, so instead of the domain administrator
name the old SID was listed as a local administrator) and moreover, all the
machines seem to have lost their domain account.
But it didn't help, the domain administrator still can't log in on the domain
machines, and the machines still don't recognize their accounts.
So the situation:
All machines and domain administrator have accounts at domain SID: OLD-SID
Apparently the domain SID has changed to: NEW-SID. I try
to set NEW-SID back to OLD-SID with "net setlocalsid OLD-SID";
the command net getlocalsid now returns: OLD-SID, instead of NEW-SID
I restored the groupmapping, so all entries in the groupmap list command
show the OLD-SID again, 
net getlocalsid : returns OLD-SID
net getlocalsid <DOMAIN> : returns OLD-SID
net getlocalsid samba-machine : returns OLD-SID

but :
net rpc info target samba-machine : returns:
Domain Name: <DOMAIN>
Domain SID: NEW-SID   !!!!!

So how is that possible? Why does net getlocalsid return the OLD-SID
and net rpc info target samba-machine the NEW-SID?

What can I do (if at all possible) to have the OLD-SID properly accepted as
the domain SID?
And why does the command:
net getlocalsid <DOMAIN> return:
SID for domain  <DOMAIN> is: OLD-SID
while this command returns:
net rpc info target samba-machine :
Domain Name: <DOMAIN>
Domain SID: NEW-SID ?
Apparently the domain computers use a mechanism conforming to net rpc and
get the NEW-SID returned, which is the wrong SID, instead of the OLD-SID
as set by net setlocalsid.

TIA
Wim Bakker
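
A consistency check for the symptom described in the message above, as an added example that is not part of the original post: it parses the two output formats quoted there and flags when the SID reported by `net getlocalsid` differs from the domain SID reported by `net rpc info`. The function names, the domain name EXAMPLEDOM and all SID values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Compares the SID printed by
# `net getlocalsid` with the "Domain SID" printed by `net rpc info`, using
# the output formats quoted in the post. All sample values are constructed.

# Constructed sample outputs; on a live system capture the real command output.
GETLOCALSID_OUT='SID for domain EXAMPLEDOM is: S-1-5-21-1111111111-2222222222-3333333333'
RPCINFO_OUT='Domain Name: EXAMPLEDOM
Domain SID: S-1-5-21-4444444444-5555555555-6666666666'

# Extract the SID from "SID for domain <NAME> is: <SID>" read on stdin.
local_sid() {
    sed -n 's/^SID for domain .* is: *\(S-[0-9-]*\) *$/\1/p' | head -n 1
}

# Extract the SID from the "Domain SID: <SID>" line read on stdin.
rpc_sid() {
    sed -n 's/^Domain SID: *\(S-[0-9-]*\) *$/\1/p' | head -n 1
}

# Accept only domain SIDs of the form S-1-5-21-a-b-c.
is_domain_sid() {
    printf '%s\n' "$1" | grep -Eq '^S-1-5-21(-[0-9]+){3}$'
}

# Return 0 if both values are well-formed and equal, 1 on mismatch,
# 2 if either value could not be parsed as a domain SID.
check_sids() {
    local_val=$1
    rpc_val=$2
    if ! is_domain_sid "$local_val" || ! is_domain_sid "$rpc_val"; then
        echo "UNPARSED: getlocalsid='$local_val' rpcinfo='$rpc_val'"
        return 2
    fi
    if [ "$local_val" != "$rpc_val" ]; then
        echo "MISMATCH: getlocalsid=$local_val rpcinfo=$rpc_val"
        return 1
    fi
    echo "OK: both commands report $local_val"
}

# Demo on the constructed samples (reports a mismatch, as in the post).
check_sids "$(printf '%s\n' "$GETLOCALSID_OUT" | local_sid)" \
           "$(printf '%s\n' "$RPCINFO_OUT" | rpc_sid)" || :
```

A mismatch result corresponds to the state the post describes, where domain members are answered with a different SID than the one their accounts were created under.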

