[Samba] Classic Upgrade changes domain SID
Peter Koch
sambamailinglist at gmail.com
Mon Aug 28 09:33:04 UTC 2023
Hi Andrew, Hi Roland
Current status of my problem:
- Domain SID of my old samba 3.6.14 NT4-DC is:
S-1-5-21-1415314133-2460755331-2761616138
- I confirmed that this SID is contained in
secrets.tdb (by running tdbdump on the samba3 server)
- the correct secrets.tdb file was transfered to
the new server.
- upgrade script does open the correct secrets.tdb
file (checked with strace-output)
- upgrade.py calls passdb.get_global_sam_sid() in
line 494 and this call returns a different SID, namely
S-1-5-352321536-3589954388-2200284306-183212708
- This is not a randomly generated SID as upgrade.py
uses this SID on every invocation. It must be stored
somewhere.
- There's no LDAP involved. Our samba3 server uses
the passdb backend and the samba4-LDAP is not
yet running while upgrade.py does NT4-AD-migration.
I will debug get_global_sam_sid() ASAP to find out
how the wrong domain SID ist determined. So far
I'm clueless.
I would like to try a very quick and dirty hack, namely
replace lines 491-495 of upgrade.py:
# Get domain sid
try:
domainsid = passdb.get_global_sam_sid()
except passdb.error:
raise Exception("Can't find domain sid for '%s', Exiting." %
domainname)
by:
# Get domain sid
try:
domainsid = passdb.get_global_sam_sid()
domainsid = "S-1-5-21-1415314133-2460755331-2761616138"
except passdb.error:
raise Exception("Can't find domain sid for '%s', Exiting." %
domainname)
Of course this does not work as domainsid must be a
variable of type dom_sid and the above changes domainsid
into a string.
Unfortunately I know nothing about Phython. How would I store
the correct SID-value in variable domainsid in Python-syntax?
Peter
More information about the samba
mailing list