SID changes for a PDC when you change its name ...
Richard Sharpe
rsharpe at ns.aus.com
Mon Sep 23 02:47:00 GMT 2002
Hi,
If you change the server name of a PDC, Samba generates a new machine SID
because of an incorrect test in pdb_generate_sam_sid.
It tries to retrieve the domain sid associated with global_myname first,
and of course, if you change your server name, this fails.
So, you then drop through, generate a new SID for your machine, and set the
domain SID to that if you are a DC and so on.
This generates lots of pain, however, if you are a DC and you simply want
to change the name of your DC.
What is neat, though, is that you can change your name back to what it
was (netbios name), restart the machine, and all seems well, in that
Windows clients that have joined the domain do not give you nasty messages
about invalid SIDs. (the name or security ID of the domain specified is
inconsistent with the trust information for that domain).
What I suggest is that the test should be reversed. pdb_generate_sam_sid
should look up the domain sid for global_myworkgroup, and if the machine
is a DC and the SID for global_myname is different or non-existent, it
should be set to the correct thing.
Secondly, it would be nice if there was a command like 'net rpc
setlocalsid S-1-5-21-x-y-z' that allowed you to set the SID in the secrets
database when you need to.
Regards
-----
Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org,
sharpe at ethereal.com
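
The two lookup orders discussed in the message above, as an added example that is not part of the original post and is not Samba's code: a toy in-memory table stands in for the secrets database, and all function names, host names and SID values are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Toy stand-in for the secrets database: name -> SID (constructed, not Samba's API). */
static struct entry { char name[32]; char sid[64]; } db[8];
static int db_len, sid_counter;

static const char *db_fetch(const char *name) {
    for (int i = 0; i < db_len; i++)
        if (strcmp(db[i].name, name) == 0) return db[i].sid;
    return NULL;
}
static void db_store(const char *name, const char *sid) {
    int i = 0;
    while (i < db_len && strcmp(db[i].name, name) != 0) i++;
    if (i == 8) return;                        /* table full */
    if (i == db_len) db_len++;                 /* new entry */
    snprintf(db[i].name, sizeof db[i].name, "%s", name);
    snprintf(db[i].sid, sizeof db[i].sid, "%s", sid);
}
/* Order the post describes: machine name first, fresh SID on a miss. */
static const char *sid_myname_first(const char *myname, const char *workgroup, int is_dc) {
    char sid[64];
    if (db_fetch(myname)) return db_fetch(myname);
    snprintf(sid, sizeof sid, "S-1-5-21-0-0-%d", ++sid_counter); /* placeholder SID */
    db_store(myname, sid);
    if (is_dc) db_store(workgroup, sid);       /* domain SID overwritten here */
    return db_fetch(myname);
}
/* Order the post suggests: domain SID first; on a DC, repair the machine entry from it. */
static const char *sid_workgroup_first(const char *myname, const char *workgroup, int is_dc) {
    char sid[64];
    const char *dom = db_fetch(workgroup), *mine = db_fetch(myname);
    if (!is_dc || !dom) return sid_myname_first(myname, workgroup, is_dc);
    if (!mine || strcmp(mine, dom) != 0) {
        snprintf(sid, sizeof sid, "%s", dom);  /* copy before storing */
        db_store(myname, sid);
    }
    return db_fetch(workgroup);
}
/* Returns 1 if the stored domain SID is unchanged after the DC is renamed. */
static int domain_sid_survives_rename(const char *(*lookup)(const char *, const char *, int)) {
    char before[64];
    db_len = 0; sid_counter = 0;               /* start from an empty database */
    snprintf(before, sizeof before, "%s", lookup("OLDPDC", "MYDOM", 1));
    lookup("NEWPDC", "MYDOM", 1);              /* same domain, new server name */
    return strcmp(before, db_fetch("MYDOM")) == 0;
}
int main(void) {
    printf("myname first: %d, workgroup first: %d\n", domain_sid_survives_rename(sid_myname_first), domain_sid_survives_rename(sid_workgroup_first));
    return 0;
}
```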