[Samba] [Solved] PDC: System SID missing / inconsistent with domain SID

[Eric Shubert]

On 08/26/2013 07:57 PM, Eric Shubert wrote:
> On 08/26/2013 01:21 PM, Eric Shubert wrote:
>> I'm guessing that adding a TACS-DC record to the old host would fix the
>> problem of not being able to get its SID.
>
> This appears to work now.
>
>> I'm also guessing that adding a LANYARD record to the new host *might*
>> make it recognize that it's a domain controller. I hope to test this
>> later today, when users are gone.
>
> This didn't appear to help. The new DC still doesn't recognize itself as
> a DC:
> # net rpc trustdom list -U shubes
> Unable to find a suitable server for domain R3I
> Couldn't connect to domain controller: NT_STATUS_UNSUCCESSFUL
> #
>
> I do have the SID of the domain/host that was created by this host. I
> wonder if restoring those records in secrets.tdb, then using the net
> command to change the SID of the domain and host might fix things up.
> Does the net setdomainsid command do anything more than change the value
> of the record in the tdb file? If it does, that could be a solution.
>
> Anyone have any insight about how to go about changing the host name of
> a domain controller (while migrating it)?
>
> Thanks.
>

I'm posting the solution for posterity.

"net setdomainsid" does nothing more than change the sid in the 
secrets.db file.

Changing the host name of a PDC is simply a matter of adding a record in 
the secrets.db file with the same SID as the previous hostname record 
(which is the same SID value as the domain record there).

This is sooo lame that I'm almost embarrased. The problem was that nmbd 
wasn't running on the PDC. Somewhere between 3.0 and 3.6, RH changed the 
smb init script to only control smbd, and nmbd now has its own init 
script. DOH! (Note, I do like the change though)

Solution:
# service nmb start
# chkconfig nmb on

I'm a little surprised (and disappointed) that nobody here realized 
this. It's sort of obvious to me now.

-- 
-Eric 'shubes'


-- 
-Eric 'shubes'