[Samba] Samba PDC, v3.0.25b, tdbsam: should Server have its own SID etc ?
chris.hall at halldom.com
Fri Jul 13 17:06:38 GMT 2007
On Wed, 11 Jul 2007 Chris Hall (Chris Hall <chris.hall at halldom.com>) wrote:
>I'm running Samba v3.0.25b, recently upgraded.
>I use tdbsam, winbindd etc.
>The Samba machine is a PDC. If the machine is FRED and the domain is
>HOME, should I set up a machine account for FRED and join that to the
>HOME domain ?
>Should the machine FRED have its own domain SID ?
>Or... are the machine FRED and the domain HOME one and the same ?

I note that if I discard all configuration and start with an empty
secrets.tdb, then FRED and HOME are set up with the same SID.

I found that to restore the original SID what I had to do was:

  * delete secrets.tdb

  * net setlocalsid S-xxxxx-xxxx-xxx
    this put the SID for FRED into the secrets.tdb.

  * net groupmap add ntgroup="Domain Admins" rid=512 unixgroup=DAMN
    which puts the SID for HOME into the secrets.tdb

I cannot help feeling that the Domain and the PDC machine should have
distinct SIDs.... after all, a BDC will have its own machine SID, and if
promoted to PDC must retain that machine SID ??
Chris Hall @ Home +44 (0)7970 277 383
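
An added example, not part of the original post: a small shell check of whether the machine SID and the domain SID implied by the "Domain Admins" mapping are the same, as the post observes for a fresh secrets.tdb. It assumes the group SID is the domain SID plus the RID; the sample outputs are constructed in the style of `net getlocalsid` and `net groupmap list`, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample outputs (not from a real server). On a live system use:
#   LOCALSID_OUT=$(net getlocalsid)
#   GROUPMAP_OUT=$(net groupmap list)
LOCALSID_OUT='SID for domain FRED is: S-1-5-21-1111111111-2222222222-3333333333'
GROUPMAP_OUT='Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> DAMN'

# Print the first domain-style SID (S-1-5-21-a-b-c, optionally with a RID)
# found in the text on stdin; prints nothing if there is none.
first_sid() {
    grep -Eo 'S-1-5-21(-[0-9]+){3,4}' | head -n 1
}

# Strip a trailing RID: S-1-5-21-a-b-c-512 -> S-1-5-21-a-b-c.
# A SID without a RID is returned unchanged.
domain_part() {
    printf '%s\n' "$1" | sed -E 's/^(S-1-5-21(-[0-9]+){3})-[0-9]+$/\1/'
}

# $1 = output of "net getlocalsid", $2 = output of "net groupmap list".
# Prints "same", "different", or "unknown" if either SID cannot be found.
compare_sids() {
    machine=$(printf '%s\n' "$1" | first_sid)
    group=$(printf '%s\n' "$2" | grep 'Domain Admins' | first_sid)
    if [ -z "$machine" ] || [ -z "$group" ]; then
        echo unknown
        return 0
    fi
    if [ "$machine" = "$(domain_part "$group")" ]; then
        echo same
    else
        echo different
    fi
}

compare_sids "$LOCALSID_OUT" "$GROUPMAP_OUT"
```

Running the same check before deleting secrets.tdb and again after the restore steps shows whether both SIDs came back as they were.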