[Samba] Samba PDC, v3.0.25b,
tdbsam: should Server have its own SID etc ?
Chris Hall
chris.hall at halldom.com
Fri Jul 13 17:06:38 GMT 2007
On Wed, 11 Jul 2007 Chris Hall (Chris Hall <chris.hall at halldom.com>)
wrote
>
>Help...
>
>I'm running Samba v3.0.25b, recently upgraded.
>
>I use tdbsam, winbindd etc.
>
>The Samba machine is a PDC. If the machine is FRED and the domain is
>HOME, should I set up a machine account for FRED and join that to the
>HOME domain ?
>
>Should the machine FRED have its own domain SID ?
>
>Or... is are the machine FRED and the domain HOME one and the same ?
I note that if I discard all configuration and start with an empty
secrets.tdb, then FRED and HOME are set up with the same SID.
I found that to restore the original SID what I had to do was:
* delete secrets.tdb
* net setlocalsid S-xxxxx-xxxx-xxx
this put the SID for FRED into the secrets.tdb.
* net groupmap add ntgroup="Domain Admins" rid=512 unixgroup=DAMN
type=d
which puts the SID for HOME into the secrets.tdb
I cannot help feeling that the Domain and the PDC machine should have
distinct SIDs.... after all, a BDC will have its own machine SID, and if
promoted to PDC must retain that machine SID ??
Chris
--
Chris Hall @ Home +44 (0)7970 277 383
More information about the samba
mailing list