[Samba] samba3.0.22 - "net setlocalsid" with no effect

Friedrich Strohmaier listen_div at bits-fritz.de
Mon Apr 7 14:58:54 GMT 2008 

Hi Doug, *,

I was calling sernet support.. ;o))

Doug VanLeuven schrieb:

[..]

>I used a VM machine, FC5, samba-3.0.23c-1.fc5 because it's the scratch
>machine I have.
>Here's what I did to reset the SID of the new PDC (hoping that's what
>you want to do)

>#On the PDC, smbd, nmbd, & winbind stopped.

I've no winbindd running..

>[root at pine-fc4 ~]# testparm -sv 2>&1|less
>..
>Server role: ROLE_DOMAIN_PDC
>..

>[root at pine-fc4 ~]# service smb start
>Starting SMB services:                                     [  OK  ]
>Starting NMB services:                                     [  OK  ]

># List current unwanted SID

>[root at pine-fc4 ~]# net getlocalsid
>SID for domain VMPDC is: S-1-5-21-893123068-2258791905-4052818733
         ^^^^^^
.. doesn't hit the nail. "machine" would say the correct thing..

>[root at pine-fc4 samba]# net rpc info
>Password:
>Domain Name: VMWKGP
              ^^^^^^
This one is the domain..

>Domain SID: S-1-5-21-893123068-2258791905-4052818733
>Sequence number: 1207290693
>Num users: 1
>Num domain groups: 0
>Num local groups: 0

>#Change PDC SID to something else

>[root at pine-fc4 samba]# net setlocalsid
>S-1-5-21-999999999-2258791905-4052818733

did work ..

>[root at pine-fc4 samba]# net setdomainsid
>S-1-5-21-999999999-2258791905-4052818733

didn't work - "command not recogized" ..

I succeeded manipulating the domain SID with following steps:

On my ubuntu dapper box:
#stop sambaservice:
/etc/inid.d/samba stop
/etc/init.d/samba stop
 * Stopping Samba daemons...              [ OK ]

mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.bak 
net setlocalsid SID_WANTED  #new secrets.tdb is created

net getdomainsid
SID for domain PDC_MACHINE is: SID_WANTED
SID for domain DOMAIN is: SID_WANTED

Heureka!!

And even better: moving secrets.tdb.bak to secrets.tdb showed the old
values. Thus I can do some testing before really changing things. :o))

Ah not to forget:
/etc/init.d/samba start
 * Starting Samba daemons                  [ OK ]

[..]

First step is done - now I have to go there at late hour, change things
and do tests.

Thanks for your help - I'll report more :o))
-- 
Friedrich
beste Grüße/best regards
von der/from the
Sonnenalb - Germany

More information about the samba mailing list