[Samba] Re: samba Digest, Vol 55, Issue 18

Dragan Krnic dkrnic at googlemail.com
Wed Jul 18 14:07:24 GMT 2007

What's wrong with WARLOCK?
Just kidding. If you don't like it, change it, but do expect problems.
It's not something you will find a recipee for in a How-to book.

The SETLOCALSID changes only the LOCAL SID, not the
GLOBAL SID, for which we would probably need SETGLOBALSID.

When I faced the same problem, I did something really wrong
but it worked. I copy-pasted the LOCAL SID to the GLOBAL SID
in "secrets.tdb".

Now in your case, it would probably be even easier to just think up
a new 7-letter word to overwrite the current name in both "smb.conf"
and "secrets.tdb".

Unfortunately WARLOCK is also tatooed in several places in each
client's registry. Hopefully, pasting over the new name with a .reg script
will obviate the need to re-join the domain. Try it out, when there is no
one to disturb. Back up "/etc/samba" and "/var/lock/samba" with smb
and nmb stopped so that you can back out of it if necessary.

> From: Didster <didster at gmail.com>
> To: samba at lists.samba.org
> Date: Tue, 17 Jul 2007 12:31:52 +0100
> Subject: [Samba] Changing domain name
> Hi,
> For reasons best known to the IT admin before myself, we currently
> have a domain name of WARLOCK.  I want to change this.  We have about
> 15 WinXP Pro client machines on the domain as well as a few linux
> domain clients.
> A bit of reading shows that it should be as simple as doing a net
> getlocalsid, making the change, followed by a net setlocalsid.
> I started doing this when I noticed something [The PDC machine name is North]:
> north:~# net getlocalsid
> SID for domain NORTH is: S-1-5-21-2864586203-3687421127-69847892
> north:~# net getlocalsid WARLOCK
> SID for domain WARLOCK is: S-1-5-21-403220451-921850273-241492889
> According to this in the how to: Chapter 13. Remote and Local
> Management: The Net Command
> "First, do not forget to store the local SID in a file. It is a good
> idea to put this in the directory in which the smb.conf file is also
> stored. Here is a simple action to achieve this:
> root#  net getlocalsid > /etc/samba/my-sid
> Good, there is now a safe copy of the local machine SID. On a PDC/BDC
> this is the domain SID also."
> It says that on a PDC, it should give the domain SID.  So, why on my
> PDC do I get different results for getlocalsid and getlocalsid
> I'm probably being stupid, but worried if I change the domain name,
> and do a "setlocalsid S-1-5-21-403220451-921850273-241492889" it will
> just change the SID of the machine, and I wont be able to restore the
> domain SID.

More information about the samba mailing list