[Samba] Workstation SID Variability in Samba-Controlled Domains

Vincent Callanan vincent at callanan.ie
Thu Mar 8 11:08:20 GMT 2007


Does SAMBA regularly re-negotiate SID identity with member workstations. If
so, can this feature be disabled?

I am given to understand that Microsoft domain controllers "regularly"
re-negotiate SID updates with member workstations.
There is an understandable security premise for doing this, however, it is a
serious problem for installations which deploy workstation "self-restore"
functionality using Norton Ghost or such like. After a few weeks, the self
restore will not work because the original workstation SID is no longer
current in the server machine database. It is then necessary to re-do the
tedious domain re-join procedure, which defeats the whole purpose.

BTW, I am new to SAMBA and extremely pleased thus far!!! Thanks to you guys
for excellent work!

Vincent Callanan

More information about the samba mailing list