[Samba] Samba & SIDs

Julian Pilfold-Bagwell jools at oss4all.plus.com
Sun Nov 20 10:19:54 GMT 2005


Yep, that was my first thought but I noticed that there are two SIDs relating 
to the server, the machine SID and the Domain SID.  Originally, when I 
migrated from NT I used "net getlocalsid <domain>" to pull the domain SID 
into secrets.tdb. If I then ran net getlocalsid <domain> the migrated sid 
would show.

If I run setlocalsid and insert the domain sid into it, it's the machine sid 
that gets set. The new (incorrect) domain sid stays the same.

I get the feeling that I'm being overcautious but I have 700 users hanging off 
this one and at the moment they can all log in albeit we can't add/remove 
users etc. If I change the SID and it goes completely tits I think they may 
all be at the door with pitchforks and torches ;)

Anyway I suspect I'm missing something really obvious (as usual that damn 
wood's hiding the trees again)


On Sunday 20 Nov 2005 02:29, Craig White wrote:
> On Sat, 2005-11-19 at 23:32 +0000, Julian Pilfold-Bagwell wrote:
> > Hi all,
> >
> > I need help to clear a bit of confusion regarding SIDs on Samba servers.
> >
> > I had my PDC collapse on Thursday which wasn't too much of a problem as I
> > had everything backed up but I'm now in the position that I have a
> > mismatched Domain SID. If I run net getlocalsid I get the sid for the
> > server (called smb0) and net get local sid <domain> returns the sid for
> > the Domain.
> >
> > I need to recover the original domain SID but setlocalsid changes the SID
> > for the machine. As it is, people can log onto the domain but I can't set
> > up any new accounts or change user details with smbldap-tools.
> ----
> sounds like all you need to do is run 'net setlocalsid
> S-1..............' with the SID the same as the PDC that collapsed
> Craig
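
An added example, not part of the original thread: with an LDAP backend (as the use of smbldap-tools implies), each account's sambaSID is the domain SID followed by a RID, so an LDIF dump shows which domain SID the existing accounts were created under and how many disagree with the SID Samba currently reports. The LDIF sample, all SID values and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Domain-relative SID: S-1-5-21-<a>-<b>-<c>-<RID>. Built-in SIDs such as
# S-1-5-32-544 have no domain part and are deliberately not matched.
SID_RE = re.compile(r"^sambaSID:\s*(S-1-5-21-\d+-\d+-\d+)-(\d+)\s*$", re.I)

# Constructed sample: three accounts from before the rebuild, one created after.
SAMPLE_LDIF = """\
dn: uid=alice,ou=Users,dc=example,dc=org
sambaSID: S-1-5-21-4444444444-5555555555-6666666666-3000

dn: uid=bob,ou=Users,dc=example,dc=org
sambaSID: S-1-5-21-4444444444-5555555555-6666666666-3002

dn: uid=carol,ou=Users,dc=example,dc=org
sambaSID: S-1-5-21-4444444444-5555555555-6666666666-3004

dn: uid=newuser,ou=Users,dc=example,dc=org
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3006

dn: cn=Administrators,ou=Groups,dc=example,dc=org
sambaSID: S-1-5-32-544
"""

def domain_prefixes(ldif_text):
    """Count how many sambaSID values carry each domain SID prefix."""
    counts = Counter()
    for line in ldif_text.splitlines():
        m = SID_RE.match(line.strip())
        if m:
            counts[m.group(1)] += 1
    return counts

def audit(ldif_text, current_domain_sid):
    """Return (most common domain prefix, number of SIDs not under the current one)."""
    counts = domain_prefixes(ldif_text)
    if not counts:
        return None, 0
    likely = counts.most_common(1)[0][0]
    mismatched = sum(n for sid, n in counts.items() if sid != current_domain_sid)
    return likely, mismatched

if __name__ == "__main__":
    likely, bad = audit(SAMPLE_LDIF, "S-1-5-21-1111111111-2222222222-3333333333")
    print(f"accounts mostly belong to {likely}; {bad} do not match the current domain SID")
```
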
