[Samba] Classic Upgrade changes domain SID

Peter Koch sambamailinglist at gmail.com
Mon Aug 28 21:46:51 UTC 2023

Hi Andrew and Roland,

I spent some hours today to debug the problem by
adding lots of printf-statements into the samba4

Here are my findings:
- upgrade.py calls passdb.get_global_sam_sid()
- get_global_sam_sid() calls pdb_generate_sam_sid()
- pdb_generate_sam_sid() calls secrets_fetch_domain_sid()
- secrets_fetch_domain_sid() calls secrets_fetch()
- secrets_fetch() calls dbwrap_fetch()
- dbwrap_fetch() reads the correct file and returns
   exactly the binary string that tdbdump displays

At this point I was really astonished: Everything works
as expected but the resulting domain SID nevertheless is
wrong. And then I realized the reason:

My old secrets.tdb file contains the following SID-data:
0x00000015=21, 0x545BFAD5=1415314133
0x15000000=352321536, 0xD5FA5B54=3589954388

My old samba3-server is a Sun Sparc machine with
MSB byte order while my new samba4-server is an
Intel machine with LSB byte order.

S-1-5-21-1415314133-2460755331-2761616138 and
are the same SIDs, just the byte ordering of the last
4 numbers was reversed.

Now my concern is that not only secrets.tdb contains
machine dependent data, but other tdb-files do as well.

I will fix the secrets.tdb file with a hex-editor and let
you know what happens.


More information about the samba mailing list