[Samba] SID security
Robert Wooden
wdn2420systm at gmail.com
Mon Oct 5 15:16:29 UTC 2020
Thanks to data backups I can "whip out" the /srv directory and rebuild from
scratch to "get permissions correct."
Doing this because, yes, I did provision a new domain.
(Probably faster to wipe, reconfigure dir and restore than correct the SID
mistake.)
Oh well, learning the hard way or as we like to call it around here, "OJT"
(on the job training.)
On Mon, Oct 5, 2020 at 9:50 AM Rowland penny via samba <
samba at lists.samba.org> wrote:
> On 05/10/2020 15:06, Robert Wooden wrote:
> > After sending the email I realized that I did not mention that while
> > rebuilding the OS, I kept the "old" /srv/samba files. Which in turn
> > kept the old permission settings. I think (could be wrong) that
> > keeping the old SID are now different from the new SID's created while
> > rebuilding to v4.12.6.
> >
> > To answer your DC question:
> > root at dc1:~# wbinfo -s S-1-5-21-589789-1426474111-2143966843-500
> > failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> > Could not lookup sid S-1-5-21-589789-1426474111-2143966843-500
> > root at dc1:~# wbinfo -s S-1-5-21-589789-1426474111-2143966843-512
> > failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> > Could not lookup sid S-1-5-21-589789-1426474111-2143966843-512
> > root at dc1:~# wbinfo -s S-1-5-21-589789-1426474111-2143966843-513
> > failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> > Could not lookup sid S-1-5-21-589789-1426474111-2143966843-513
> >
> You possibly have major problems
>
> How did you rebuild the OS ?
>
> Did you provision a new domain ?
>
> If so, you will now have a new domain SID and anything from the old
> domain that contains a SID will have a different SID
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list