[Samba] Samba & SIDs
jools at oss4all.plus.com
Sun Nov 20 10:19:54 GMT 2005
Yep, that was my first thought but I noticed that there are two SIDs relating
to the server, the machine SID and the Domain SID. Originally, when I
migrated from NT I used "net getlocalsid <domain>" to pull the domain SID
into secrets.tdb. If I then ran net getlocalsid <domain> the migrated sid
If I run setlocalsid and insert the domain sid into it it's the machine sid
that gets set. The new (incorrect) domain sid stays the same.
I get the feeling that I'm being overcautious but I have 700 users hanging of
this one and at the moment they can all log in albeit we can't add/remove
users etc. If I change the SID and it goes completely tits I think they may
all be at the door with pitchforks and torches ;)
Anyway I suspect I'm missing something really obvious (as usual that damn
wood's hiding the trees again)
On Sunday 20 Nov 2005 02:29, Craig White wrote:
> On Sat, 2005-11-19 at 23:32 +0000, Julian Pilfold-Bagwell wrote:
> > Hi all,
> > I need help to clear a bit of confusion regarding SIDs on Samba servers.
> > I had my PDC collapse on Thursday which wasn't too much of a problem as I
> > had everything backed up but I'm now in the position that I have a
> > mismatched Domain SID. If I run net getlocalsid I get the sid for the
> > server (called smb0) and net get local sid <domain> returns the sid for
> > the Domain.
> > I need to recover the original domain SID but setlocalsid changes the SID
> > for the machine. As it is, people can log onto the domain but I can't set
> > up any new accounts or change user details with smbldap-tools.
> sounds like all you need to do is run 'net setlocalsid
> S-1..............' with the SID the same as the PDC that collapsed
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
More information about the samba