[Samba] Classic Upgrade changes domain SID
Peter Koch
sambamailinglist at gmail.com
Mon Aug 28 21:46:51 UTC 2023
Hi Andrew and Roland,
I spent some hours today to debug the problem by
adding lots of printf-statements into the samba4
source.
Here are my findings:
- upgrade.py calls passdb.get_global_sam_sid()
- get_global_sam_sid() calls pdb_generate_sam_sid()
- pdb_generate_sam_sid() calls secrets_fetch_domain_sid()
- secrets_fetch_domain_sid() calls secrets_fetch()
- secrets_fetch() calls dbwrap_fetch()
- dbwrap_fetch() reads the correct file and returns
exactly the binary string that tdbdump displays
At this point I was really astonished: Everything works
as expected but the resulting domain SID nevertheless is
wrong. And then I realized the reason:
My old secrets.tdb file contains the following SID-data:
01040000:00000005:00000015:545BFAD5:92AC2583:A49AEB0A
0x00000015=21, 0x545BFAD5=1415314133
0x15000000=352321536, 0xD5FA5B54=3589954388
My old samba3-server is a Sun Sparc machine with
MSB byte order while my new samba4-server is an
Intel machine with LSB byte order.
S-1-5-21-1415314133-2460755331-2761616138 and
S-1-5-352321536-3589954388-2200284306-183212708
are the same SIDs, just the byte ordering of the last
4 numbers was reversed.
Now my concern is that not only secrets.tdb contains
machine dependent data, but other tdb-files do as well.
I will fix the secrets.tdb file with a hex-editor and let
you know what happens.
Peter
More information about the samba
mailing list