[Samba] Re: Changing domain name

Didster didster at gmail.com
Thu Jul 19 18:33:08 GMT 2007


Hi,

Thanks for the response.

I did think that about getlocalsid - the clue's in the name and all -
but what got me is this from one of the official howtos

"Good, there is now a safe copy of the local machine SID. On a PDC/BDC
this is the domain SID also."

Which implies on a PDC getlocalsid will return the SID of the domain
the PDC is PDC for?  Maybe I'm misreading it!

On 7/19/07, Dragan Krnic <dkrnic at googlemail.com> wrote:
> Sorry, it was meant to be copied to you but something went
> wrong and from the subject line on the samba forum you
> wouldn't know.
>
> On 7/18/07, Dragan Krnic <dkrnic at googlemail.com> wrote:
> > What's wrong with WARLOCK?
> > Just kidding. If you don't like it, change it, but do expect problems.
> > It's not something you will find a recipe for in a How-to book.
> >
> > The SETLOCALSID changes only the LOCAL SID, not the
> > GLOBAL SID, for which we would probably need SETGLOBALSID.
> >
> > When I faced the same problem, I did something really wrong
> > but it worked. I copy-pasted the LOCAL SID to the GLOBAL SID
> > in "secrets.tdb".
> >
> > Now in your case, it would probably be even easier to just think up
> > a new 7-letter word to overwrite the current name in both "smb.conf"
> > and "secrets.tdb".
> >
> > Unfortunately WARLOCK is also tattooed in several places in each
> > client's registry. Hopefully, pasting over the new name with a .reg script
> > will obviate the need to re-join the domain. Try it out, when there is no
> > one to disturb. Back up "/etc/samba" and "/var/lock/samba" with smb
> > and nmb stopped so that you can back out of it if necessary.
> >
> > > From: Didster <didster at gmail.com>
> > > To: samba at lists.samba.org
> > > Date: Tue, 17 Jul 2007 12:31:52 +0100
> > > Subject: [Samba] Changing domain name
> > > Hi,
> > >
> > > For reasons best known to the IT admin before myself, we currently
> > > have a domain name of WARLOCK.  I want to change this.  We have about
> > > 15 WinXP Pro client machines on the domain as well as a few Linux
> > > domain clients.
> > >
> > > A bit of reading shows that it should be as simple as doing a net
> > > getlocalsid, making the change, followed by a net setlocalsid.
> > >
> > > I started doing this when I noticed something [The PDC machine name is North]:
> > >
> > > north:~# net getlocalsid
> > >
> > > SID for domain NORTH is: S-1-5-21-2864586203-3687421127-69847892
> > >
> > > north:~# net getlocalsid WARLOCK
> > >
> > > SID for domain WARLOCK is: S-1-5-21-403220451-921850273-241492889
> > >
> > > According to this in the how to: Chapter 13. Remote and Local
> > > Management: The Net Command
> > >
> > > "First, do not forget to store the local SID in a file. It is a good
> > > idea to put this in the directory in which the smb.conf file is also
> > > stored. Here is a simple action to achieve this:
> > >
> > > root#  net getlocalsid > /etc/samba/my-sid
> > >
> > > Good, there is now a safe copy of the local machine SID. On a PDC/BDC
> > > this is the domain SID also."
> > >
> > > It says that on a PDC, it should give the domain SID.  So, why on my
> > > PDC do I get different results for getlocalsid and getlocalsid
> > > <DOMAINNAME WHICH NORTH IS PDC FOR>?
> > >
> > > I'm probably being stupid, but worried if I change the domain name,
> > > and do a "setlocalsid S-1-5-21-403220451-921850273-241492889" it will
> > > just change the SID of the machine, and I won't be able to restore the
> > > domain SID.
> >
>
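
Added example, not part of any message in this thread and not Samba project code: a pre-change check in shell that extracts the SIDs from `net getlocalsid` output, tells whether the machine SID and the domain SID differ (as they do in the output quoted above), and saves both together with the two directories named in the backup advice. The function names and output file names are assumptions.

```shell
#!/bin/sh
# Added example: record and compare SIDs before renaming a Samba domain.
# The two sample lines are the `net getlocalsid` output quoted in the thread.
SAMPLE_LOCAL='SID for domain NORTH is: S-1-5-21-2864586203-3687421127-69847892'
SAMPLE_DOMAIN='SID for domain WARLOCK is: S-1-5-21-403220451-921850273-241492889'

# Print the SID from one "SID for domain X is: S-1-5-21-a-b-c" line.
# Returns non-zero (and prints nothing) if the line is not in that form.
extract_sid() {
    sid=$(printf '%s\n' "$1" | sed -n \
        's/^SID for domain .* is: \(S-1-5-21-[0-9][0-9]*-[0-9][0-9]*-[0-9][0-9]*\)$/\1/p')
    [ -n "$sid" ] && printf '%s\n' "$sid"
}

# Exit status 0: both lines carry the same SID; 1: they differ; 2: parse error.
sids_match() {
    a=$(extract_sid "$1") || return 2
    b=$(extract_sid "$2") || return 2
    [ "$a" = "$b" ]
}

# Save both SIDs and archive the config and tdb directories named in the thread.
# Run as root with smb and nmb stopped. $1 = domain name, $2 = output directory
# (file names below are assumptions).
snapshot() {
    net getlocalsid > "$2/local-sid.txt" &&
    net getlocalsid "$1" > "$2/domain-sid.txt" &&
    tar -czf "$2/samba-backup.tar.gz" /etc/samba /var/lock/samba || return 1
    if sids_match "$(cat "$2/local-sid.txt")" "$(cat "$2/domain-sid.txt")"; then
        echo "machine SID and domain SID are identical"
    else
        echo "machine SID and domain SID differ: keep both files"
    fi
}

# Only touches the system when called as: script.sh DOMAIN OUTDIR
if [ "$#" -eq 2 ]; then
    snapshot "$1" "$2"
fi
```

With both SIDs on file, a later `net setlocalsid` can be checked against the saved values instead of relying on memory of which SID belonged to which name.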

