[Samba] problems adding machines after upgrade - sambaSID
attribute incomplete!
Craig White
craigwhite at azapple.com
Sat Mar 18 22:29:33 GMT 2006
On Sat, 2006-03-18 at 16:50 -0500, Pablo Chamorro C. wrote:
> > #2 - what do you get from command... 'net getlocalsid' ?
>
> I get this:
>
> SID for domain XXX is: S-1-5-21-2502698289-3639879065-7544774837
>
> and the output of 'net getlocalsid DOMAIN' is:
>
> SID for domain DOMAIN is: S-1-5-21-2502698289-3639879065
>
> oops! it seems the error is here, XXX is our PDC name. I kept a copy of
> the previous secrets.tdb. Comparing, I can see two differences: the
> INFO\sandom_seed key changed and so does the SECRETS/SID/DOMAIN key! and I
> can see that both the DOMAIN and PDC SID were the same!.
>
> Is it ok to change the SID for my DOMAIN as it was before in spite of the
> fact that that SID is the same PDC SID? or do I need to change the PDC
> SID too?
----
No - but it would seem to me that the DOMAIN SID is stored in LDAP and
not in secrets.tdb...
The PDC is the DOMAIN and obviously the SID for a PDC and the DOMAIN
should be the same.
----
>
> I appreciate very much your help. We're gonna update our samba.schema
> and to review our smbldap-tools config.
----
sounds like it might not be the config at all...but you better verify
that the smbldap-config file has the right SID
Craig
More information about the samba
mailing list