[Samba] Samba LDAP SID and Local SID

Craig White craigwhite at azapple.com
Tue Mar 7 03:47:23 GMT 2006

On Tue, 2006-03-07 at 14:34 +1100, Pavan wrote:
> Hi All,
>         I am running Samba - 3 using a ldap backend, recently I have 
> needed to change the domain of the computers as I am migrating to other 
> server, I have the ldap database and populated the ldap database on the 
> new server, but I am facing a problem with SID's as the SambaSID in the 
> ldap backend is from the old samba server which is different from the 
> current SambaSID(net getlocalsid) but Its not really feasible for me to 
> create all the user accounts again on LDAP. Can any one advise me on how 
> to get around this? Without changing the SID's I am unable to join the 
> machines to the new domain and get an error *"o mapping between account 
> names and security Id's" .
> *
you could slapcat your DSA to a text file and do a find/replace
operation to change the SID's in bulk and of course, you can change the
SID for the domain directly in LDAP - simply with net setlocalsid
(provided you have idealx-tools properly configured) but it would seem
that the thing you aren't saying is that you know of course, if you do
that, you will have to rejoin all the machines to the new domain and
migrate the user profiles to the new domain too.

You probably need to check out the migration information in


More information about the samba mailing list