[Samba] samba3.0.22 - "net setlocalsid" with no effect

Friedrich Strohmaier listen_div at bits-fritz.de
Wed Apr 2 13:30:39 GMT 2008 

Hi Doug, *,

Sorry for my late answer - I discovered your mail, which never reached
my box, on gmane..

Douglas VanLeuven schrieb:
>Friedrich Strohmaier wrote:

[..]

>I can't tell what you're trying to do from what you've described.
>It looks like you set the local machine sid and it worked.

It was the SID of the machine acting as PDC ..

>The local machine sid will be different than the domain sid.

That's aparently the one problem I have (which is solving a different
one..) :o))

>A profile based on the local machine sid won't be a roaming profile it
>will be a local profile.

As long as the local SID differs from the Domain SID?..


> [..]

>> root# net setlocalsid SID_WANTED
>> root#

>> root# net getlocalsid
>> SID for domain DOMAIN is: SID_WANTED

This output reflects, what I want to have but[1]..

>> Result:
>> Client with Roamingprofile based on SID_WANTED is not able to
>> connect to DOMAIN but has access to shares.

>> OOOoops!

>If the local user name and password are the same as the domain name
> and password, depending on the security model, it's an old trick to
> allow access to shares in a workgroup without being a domain member. 
> Which is sort of what you describe.

exactly

>>> More Tests found here:
>>> http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetComma
>>>nd.html#netmisc1

>>> root# net rpc info
>>> Domain Name: DOMAIN
>>> Domain SID: SID_NOT_WANTED
.. [1] differs from this one

>>> Sequence number: 1206493306
>>> Num users: 37
>>> Num domain groups: 0
>>> Num local groups: 0

>I would think zero groups with 37 users is a hint to a problem.

May be, for I did not join the workstations to the _new_ domain's
SID_NOT_WANTED but probably that's a completely different thing.

The problem seems to be, that the Domain SID set by setlocalsid and
confirmed by getlocalsid doesn't really arrive as the domain SID.

That means that the How To described here:
http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#id2600168 
does not work as expected in my configuration for any reason.

Thanx for Your answer.
-- 
Friedrich
beste Grüße/best regards
von der/from the
Sonnenalb - Germany

More information about the samba mailing list