[Samba] Incorrect domain SID when creating new users

Dermot paikkos at googlemail.com
Wed Feb 8 04:08:58 MST 2012


On 8 February 2012 10:18, Miguel Medalha
<miguelmedalha at sapo.pt> wrote:
>

>> (...) The question is
>>
>> where do I set the domain SID? I remember doing it at some stage when
>> I set-up the samba domain but I have forgotten.
>
>
> The SID number is configured in /etc/smbldap-tools/smbldap.conf
>
> smbldap-tools comes with a script to assist in the basic configuration of
> the tools. It's called "configure.pl" in most versions but the name was
> recently changed to "smbldap-config.pl"
>

Thanks for the reply. I can't recall running configure.pl. Before I
cause myself any harm, I thought I should check with the list. The
smbldap.conf says to run `net getlocalsid` to obtain the SID for the
config. When I do that I get a different SID from what I was
expecting. I would have expected the domain part of the local machine
SID to match the domain's SID but they do not (see below) and I would
have expected the local machine SID to match what is in the
smbldap.conf.

net getdomainsid
SID for local machine PDC is: S-1-5-21-597566789-4152996160-2957772391
SID for domain FOO is: S-1-5-21-1979685110-1467996072-351907979

grep SID /etc/smbldap-tools/smbldap.conf
#SID="S-1-5-21-2252255531-4061614174-2474224977"
SID="S-1-5-21-900663976-1457140431-1537874043"


When I create a new user, the user gets a primary group SID that looks like
S-1-5-21-1979685110-1467996072-351907979-513
and a SambaSID that reads:
S-1-5-21-900663976-1457140431-1537874043-3290

So I need to change the way the domain part of the primary group SID
is defined and possibly edit the smbldap.conf so that the SID uses the
domain SID. Does that sound correct? If so, how can I modify the
primary group SID?

Thanks again,
Dermot.
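
The comparison described in the message above, as an added example that is not part of the original post: it strips the RID from each SID and compares the remaining domain part with the domain SID printed by `net getdomainsid`. Treating that value as the reference is an assumption, the function names are hypothetical, and the sample input is copied from the message.

```shell
#!/bin/sh
# Added example. Sample input is copied from the message above.
NET_OUT='SID for local machine PDC is: S-1-5-21-597566789-4152996160-2957772391
SID for domain FOO is: S-1-5-21-1979685110-1467996072-351907979'
CONF='#SID="S-1-5-21-2252255531-4061614174-2474224977"
SID="S-1-5-21-900663976-1457140431-1537874043"'
USER_SID='S-1-5-21-900663976-1457140431-1537874043-3290'
GROUP_SID='S-1-5-21-1979685110-1467996072-351907979-513'

# Drop the trailing RID: S-1-5-21-a-b-c-513 -> S-1-5-21-a-b-c
sid_domain_part() { printf '%s\n' "${1%-*}"; }

# Domain SID from `net getdomainsid` output on stdin; the local machine line is ignored.
domain_sid_from_net() {
    sed -n 's/^SID for domain .* is: \(S-[0-9-]*\)$/\1/p'
}

# Active SID= value from smbldap.conf text on stdin; commented-out lines are skipped.
conf_sid() {
    sed -n 's/^[[:space:]]*SID="\(S-[0-9-]*\)".*$/\1/p' | tail -n 1
}

# compare <domain-sid> <reference>: prints "match" or "MISMATCH"
compare() {
    if [ "$1" = "$2" ]; then echo match; else echo MISMATCH; fi
}

# Print each SID's domain part next to the reference (assumed: the domain SID).
report() {
    ref=$(printf '%s\n' "$NET_OUT" | domain_sid_from_net)
    cfg=$(printf '%s\n' "$CONF" | conf_sid)
    usr=$(sid_domain_part "$USER_SID")
    grp=$(sid_domain_part "$GROUP_SID")
    echo "reference domain SID: $ref"
    echo "smbldap.conf SID:     $cfg -> $(compare "$cfg" "$ref")"
    echo "user SID domain part: $usr -> $(compare "$usr" "$ref")"
    echo "primary group domain: $grp -> $(compare "$grp" "$ref")"
}

report
```

On a live system the four sample values would come from `net getdomainsid`, the `grep` shown in the message, and the new user's LDAP entry.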

