[Samba] Help cleaning up domain SID mess...
Phil Burrow
philburrow at blueyonder.co.uk
Mon Jul 30 08:34:28 GMT 2007
Bjoern Tore Sund wrote:
>> If you do "net getlocalsid" on each of your SLES machines, the SID
>> that is returned should be the same for all of them if you want them
>> all to be controllers on your domain. If it's not, pick the SID you
>> want - i.e. the sambaSID all your users have in their LDAP records -
>> then "net setlocalsid MYDOMAINSID" on the servers you wish to change
>> to that SID. (NB: On a domain, "net getlocalsid" and "net getlocalsid
>> MYDOMAIN" should return the same.)
>>
>> Then go into your LDAP directory and delete all but one of the
>> sambaDomainName=UNIX entries, and ensure the remaining one has
>> sambaSID set to MYDOMAINSID.
>>
>> That is probably all you need to do.
>
> Thanks a lot. The last remaining quiestion is then what happens when I
> rename sambaDomainname=ukl-samba to sambaDomainname=unix and proceed
> from there?
This is why you need to test it before doing it ;)
If your intention is to consolidate your 4 domains into one, with a PDC
and some BDCs then provided the sambaSID in the user records is the same
as the domain SID then your setup - with your 4 servers each having the
same SID - should work correctly.
You might need to re-add your client machines to the new domain. I dont
know if Windows could handle the domain name changing but having the
same SID.
If you are using roaming profiles or things such as this you might
encounter Windows complaining if the SID changes, but if you use the
sambaSID you used already have then it shouldn't do.
Cheers,
Phil
More information about the samba
mailing list