[Samba] Classic Upgrade changes domain SID

[Peter Koch]

Hi Roland,

I did some investigations about why the classic upgrade
script creates an AD-DC with a domain SID different from
my old NT4-DC.

.../samba/lib64/python3.9/site-packages/samba/upgrade.py
reads variable domainsid in line 494 via:
domainsid = passdb.get_global_sam_sid()

I inserted line 495 into upgrade.py, namely:
raise Exception(domainsid);

Now classic upgrade script fails with:

 >ERROR(exception): uncaught exception - 
S-1-5-352321536-3589954388-2200284306-183212708
 >  File 
"/usr/samba/lib64/python3.9/site-packages/samba/netcmd/__init__.py", 
line 230, in _run
 >    return self.run(*args, **kwargs)
 >  File 
"/usr/samba/lib64/python3.9/site-packages/samba/netcmd/domain.py", line 
1671, in run
 >    upgrade_from_samba3(samba3, logger, targetdir, 
session_info=system_session(),
 >  File "/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py", 
line 495, in upgrade_from_samba3
 >    raise Exception(domainsid);

But tdbdump secrets.tdb shows:

 ># tdbdump secrets.tdb
 >{
 >key(18) = "SECRETS/SID/SERV00"
 >data(68) = 
"\01\04\00\00\00\00\00\05\00\00\00\15T[\FA\D5\92\AC%\83\A4\9A\EB\0A\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00"
 >}
 >{
 >key(15) = "SECRETS/SID/NAV"
 >data(68) = 
"\01\04\00\00\00\00\00\05\00\00\00\15T[\FA\D5\92\AC%\83\A4\9A\EB\0A\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00"
 >}
 >{
 >key(19) = "SECRETS/DOMGUID/NAV"
 >data(16) = "\B0\1Fs\87\D0\EFLJ\82%F\C3\FD\1B{\FE"
 >}
 >{
 >key(17) = "INFO/random_seed\00"
 >data(4) = "\FE\99\F4D"
 >}

My NT4 domains SID is:

 ># net getdomainsid
 >SID for local machine SERV00 is: S-1-5-21-1415314133-2460755331-2761616138
 >SID for domain NAV is: S-1-5-21-1415314133-2460755331-2761616138

So why in the world does passdb.get_global_sam_sid()
reads a different domain SID from passwd.tlb?

Peter