[Samba] How to fix wrong SIDs

Daniel Tamm daniel.tamm at biomil.se
Thu Aug 21 06:55:17 MDT 2014

I am operating a PDC samba server running version 4.1.6-Ubuntu with an
OpenLDAP backend. Due to problems during the upgrade to Samba4, I needed
to recover the users and groups from a backup. Now, I ended up with 2
different entries for sambaDomainName: one is my real domain, the other
is just named "sambaDomain". I suppose that the latter comes from the
clean samba install I did during upgrade. The 2 domains have different SIDs.
Now, the problem is that some users (root) and groups (Domain Admins,
Domain Computers, Domain Guests, Domain Users) have SIDs belonging to
the domain sambaDomain. I suppose that this can be the cause of some
other problems I have.

So my question is, what is the best way to correct the problem? Can I
just delete the entry sambaDomainName=sambaDomain, and then adjust the
SIDs of the aforementioned users and groups so that they contain the SID
of my real domain? I am using phpLDAPAdmin.

Another question: may the SID problem be the cause for my problem to add
a domain group to the local Administrator group on a workstation?
(there, I may add the group once, but when I re-open the dialog, it is
not there any more. The next time I try to add the group, I just get the
notice that it has already been added. Users in the domain group are not
granted Admin rights.)

Thank you!

More information about the samba mailing list