[Samba] Help cleaning up domain SID mess...

Phil Burrow philburrow at blueyonder.co.uk
Tue Jul 31 01:56:09 GMT 2007


Bjoern Tore Sund wrote:

 > No Windows here, this is the cifs disk server for 800 Linux clients.
 > None of which are members of the domain in any meaningful way.  I just
 > want all the servers to authenticate against the same LDAP server, the
 > domain is irrelevant for functionality.  Hmmm.  Which means that I might
 > just get away with setting the same SID on all four domains and leave it
 > at that... ?
 >
 > -BT

Makes sense if that's all you need and there's no Windows stuff to break, 
yep :) Sorry for being presumptuous about your setup!

You would need to remove three of the sambaDomainName entries if you 
only want a single domain though, and ensure that the only one present 
is sambaDomainName=UNIX.

When you do net getlocalsid, it should be looking up the details for the 
domain you specified in smb.conf (UNIX) in your LDAP directory. Check 
your logs, see if it's happening and see what questions it's asking your 
LDAP server, that way you can see where it's getting its unusual SID 
information from and why it may not be setting the SID like it should.

i.e. on one of my broken systems that I use for playing about with 
stuff, I just booted to test it and I can see that if I do net 
getlocalsid it's looking for:

smbldap_search_domain_info: Query was: dc=mydomain,dc=co,dc=uk, 
(&(objectClass=sambaDomain)(sambaDomainName=MYDOMAINFROMSMB-CONF))

Phil
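
An added example, not part of the original post and not Samba code: a small audit of LDIF output that lists the sambaDomain entries a search like the one in the log line above would see, flags every entry other than the smb.conf workgroup, and reports accounts whose sambaSID does not sit under that domain's SID. The function names `parse_ldif` and `audit` are hypothetical, the LDIF and its SIDs are constructed sample data, and base64-encoded (`attr::`) values are not decoded.

```python
import re

# Constructed sample: LDIF as returned by an ldapsearch over the Samba suffix.
SAMPLE_LDIF = """\
dn: sambaDomainName=UNIX,dc=mydomain,dc=co,dc=uk
objectClass: sambaDomain
sambaDomainName: UNIX
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: sambaDomainName=FILESRV1,dc=mydomain,dc=co,dc=uk
objectClass: sambaDomain
sambaDomainName: FILESRV1
sambaSID: S-1-5-21-4444444444-5555555555-6666666666

dn: uid=alice,ou=People,dc=mydomain,dc=co,dc=uk
objectClass: sambaSamAccount
sambaSID: S-1-5-21-4444444444-5555555555-6666666666-3002
"""

def parse_ldif(text):
    """Return one dict per entry: lower-cased attribute -> list of values."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        # Unfold continuation lines (a newline followed by one space).
        for line in block.replace("\n ", "").splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit(entries, workgroup):
    """Compare sambaDomain entries and account SIDs against one workgroup."""
    def has_class(e, name):
        return name.lower() in (v.lower() for v in e.get("objectclass", []))
    domains = {e["sambadomainname"][0]: e["sambasid"][0]
               for e in entries if has_class(e, "sambaDomain")}
    wanted = {n: s for n, s in domains.items() if n.upper() == workgroup.upper()}
    sid = next(iter(wanted.values()), None)
    extra = sorted(n for n in domains if n not in wanted)
    foreign = sorted(e["dn"][0] for e in entries
                     if has_class(e, "sambaSamAccount") and sid
                     and not e["sambasid"][0].startswith(sid + "-"))
    return {"domain_sid": sid, "extra_domains": extra, "foreign_accounts": foreign}

if __name__ == "__main__":
    print(audit(parse_ldif(SAMPLE_LDIF), "UNIX"))
```

Entries listed under `extra_domains` are the ones that would have to go to leave only sambaDomainName=UNIX; `foreign_accounts` shows which accounts still carry a SID from one of the other domains.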
