[Samba] How can I change the localSID for a SAMBA Server?

Tetra terjet-list at funcom.com
Tue Dec 15 22:27:12 UTC 2015


On 15.12.2015 22:16, Byron Bogaert wrote:
> We need to change the SID on a standalone server because it needs to also
> act as a File Server. The authentication comes from LDAP, and we have
> existing entries in LDAP for SID of the domain. Instead of changing all the
> SIDs in LDAP, we would like to be able to change it on the server.

I noticed something similar (though while testing on some older samba-3
standalone servers, where I wanted to see if I could use LDAP
instead of an rsync-replicated smbpasswd file by setting the same SID on
all servers).

The SID is locally stored in secure.tdb and you can see it with tdbtool
(though in hex, and you need to know that the last three 10-digit numbers in
the SID are 32 bits or 4 bytes each).

Seems net setlocalsid changed the sid in secrets.tdb, but the server
finds its SID in LDAP after that is set up in smb.conf, and there it was 
not changed.

I solved it by also changing it manually on the LDAP server, or made
sure that the sid was changed locally before starting up smbd with LDAP
configured, or deleted the LDAP entry for the server and restarted smbd
so it was generated anew.

YMMV.
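
To compare the hex record from the tdb dump with the SID string held in LDAP, the bytes can be decoded as below. This is an added example, not part of the original post; it assumes the record uses Samba's binary SID layout (1-byte revision, 1-byte sub-authority count, 6-byte big-endian authority, little-endian 32-bit sub-authorities padded to 15 slots), and the sample bytes and function names are constructed for illustration.

```python
import struct

MAX_SUBAUTHS = 15  # assumption: the stored struct reserves 15 sub-authority slots

# Constructed sample: hex bytes as copied from a dump, trailing padding omitted.
SAMPLE_HEX = "01 04 00 00 00 00 00 05 15 00 00 00 c7 35 3a 42 8e 6b 74 84 55 a1 ae c6"


def sid_from_bytes(blob: bytes) -> str:
    """Decode a binary SID into its S-R-A-S1-S2... string form."""
    if len(blob) < 8:
        raise ValueError("SID blob shorter than the 8-byte header")
    revision, count = blob[0], blob[1]
    if revision != 1:
        raise ValueError(f"unexpected SID revision {revision}")
    if count > MAX_SUBAUTHS or len(blob) < 8 + 4 * count:
        raise ValueError("sub-authority count does not fit the blob")
    authority = int.from_bytes(blob[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack_from(f"<{count}I", blob, 8)    # 4 bytes each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def sid_to_bytes(sid: str, pad: bool = True) -> bytes:
    """Encode a SID string; pad=True fills the unused sub-authority slots."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError(f"not a SID string: {sid!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if len(subs) > MAX_SUBAUTHS or any(not 0 <= s <= 0xFFFFFFFF for s in subs):
        raise ValueError("sub-authorities out of range")
    blob = bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
    blob += struct.pack(f"<{len(subs)}I", *subs)
    if pad:
        blob += b"\x00" * 4 * (MAX_SUBAUTHS - len(subs))
    return blob


def local_matches_ldap(local_hex: str, ldap_sid: str) -> bool:
    """True when the locally stored SID equals the SID string from LDAP."""
    return sid_from_bytes(bytes.fromhex(local_hex)) == ldap_sid.strip()


if __name__ == "__main__":
    print(sid_from_bytes(bytes.fromhex(SAMPLE_HEX)))
```
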



