[Samba] Re: Domain SID does not match built in domain groups SIDs...
jason.shaw at amiwest.com
Fri Sep 1 17:07:30 GMT 2006
>>> Would remapping them correct the SIDs? Can I just >>use a LDAP editor and
>>> manually change the SID to what it should be without >>screwing up other
>>> things? To my understanding, all the important Samba >>data is stored in
>>> LDAP. So I shouldn't have to worry about the >>contents of smbpasswd,
>>> secrets.tdb, or anything of that nature, right?
>>> Given I can just edit the SIDs, I do know that I may >>have to restart the
>>> SMB daemon, rejoin some users to groups, correct >>the local
>>> administrators group on workstations, etc. I >>understand the clean up, I
>>> don't want to ruin anything else that's not a simple text >>edit or
>>> command call.
> There is a utility that allows you to change the domain's SID. Search the
> archives and the documentation for "net setlocalsid"
I do not want to change the domain or the server SID. Doing so would
invalid the users I have already entered. I just want to fix a couple of
groups that have bad SIDs.
Looking through the IDEALX scripts, it appears that I can just edit
these SIDs with an LDAP editor; they appear to only modify the LDAP, no
other Samba files (secrets.tdb, etc). But I'm not certain and do not
want to proceed until I know I won't screw myself over by doing so.
Does anyone see anything wrong with this? Should I just delete these
groups and recreate them? Would that be a more smart way?
More information about the samba