[Samba] How to fix wrong SIDs

Rowland Penny rowlandpenny at googlemail.com
Thu Aug 21 07:20:11 MDT 2014

On 21/08/14 13:55, Daniel Tamm wrote:
> I am operating a PDC samba server running version 4.1.6-Ubuntu with an
> OpenLDAP backend. Due to problems during the upgrade to Samba4, I needed
> to recover the users and groups from a backup. Now, I ended up with 2
> different entries for sambaDomainName: one is my real domain, the other
> is just named "sambaDomain". I suppose that the latter comes from the
> clean samba install I did during upgrade. The 2 domains have different SIDs.
> Now, the problem is that some users (root) and groups (Domain Admins,
> Domain Computers, Domain Guests, Domain Users) have SIDs belonging to
> the domain sambaDomain. I suppose that this can be the cause of some
> other problems I have.
> So my question is, what is the best way to correct the problem? Can I
> just delete the entry sambaDomainName=sambaDomain, and then adjust the
> SIDs of the aforementioned users and groups so that they contain the SID
> of my real domain? I am using phpLDAPAdmin.
> Another question: may the SID problem be the cause for my problem to add
> a domain group to the local Administrator group on a workstation?
> (there, I may add the group once, but when I re-open the dialog, it is
> not there any more. The next time I try to add the group, I just get the
> notice that it has already been added. Users in the domain group are not
> granted Admin rights.)
> Thank you!
> Daniel
Is this in a test domain or production ? If it is the former, I would 
start again, if it is the later, then again, it might be easier to start 
again, just how many users/computers in the domain. How did you do the 
'upgrade' ??


More information about the samba mailing list