-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I don't mean to be a pest, but I felt that I should reiterate my questions again because I feel that it is an issue that recurrs enough to warrant inclusion in the HOWTO (or is it there and I'm just not seeing it?).
And I'd like to re-emphasize that I'm offering to patch it. ;-) On Tue, 04 May 2004 10:24:05 -0600 Anthony Chavez <[EMAIL PROTECTED]> wrote: > On Tue, 04 May 2004 13:58:25 +1000 Andrew Bartlett <[EMAIL PROTECTED]> wrote: >> On Tue, 2004-05-04 at 11:46, Anthony Chavez wrote: >>> On Mon, 03 May 2004 19:19:41 -0600 Anthony Chavez <[EMAIL PROTECTED]> wrote: >>> > I just changed the NetBIOS name of my PDC (*not* the name of the domain) >>> > and now the security properties of the domain user profile on my >>> > Win2kSP4 workstation shows "S-1-5-21-..." as the user rather than the >>> > username. >>> >>> It turned out that this particular machine had a very shaky network >>> connection. Please disregard my post. ;-) >> >> However, as a warning to others - this can happen. There was an issue >> (and it still happens for domain members, for their 'local' users) where >> if you rename a Samba machine, it can regenerate the local SAM sid. On >> a PDC, this is also the domain SID. > > After I had replaced the cable, I discovered that the problem was that > the user was assigned a new SID after all. Fortunately, the affected > user stated that trashing the local profile was an option, so I just > deleted the local copy and had the workstation snarf a fresh one off the > server. > > A few questions, however: > > 1) Is a patch for this issue desirable? Do we *want* users to retain > their SIDs after a machine gets a new name? My initial response > would be "yes," but I don't consider myself a M$ administration guru. > > 2a) What would be the "proper" procedure to follow in renaming a PDC? > > 2b) During a discussion on IRC, it was suggested (after I had already > mucked about a bit and brought about the error in the first place) > that I configure my new server name in the NetBIOS name parameter > and my old one in the NetBIOS alias parameter. I wasn't told that > this would actually fix the problem, but I was given the impression > that if I were to do that first, then disjoin and rejoin my > workstations to the domain, it might. Would it? > > 3) When I've got multiple workstations involved, one of my biggest > concerns is that any changes that happen to the local profile during > the name change get propagated to the server. Is this going to have > to be done by hand if the SIDs change and the workstation doesn't > reassociate the server UID with the new SID? > > P.S.: I know what an SID is. No, really. ;-) > > P.P.S.: Sorry for not mentioning this in my first post (I'm usually > really good about doing so), but FWIW, I'm running 2.2.8a on FreeBSD > 4.9-STABLE. I also apologize for not posting my smb.conf---I usually do > that as well. I was in a bit of a hurry at the time. - -- Anthony Chavez http://www.anthonychavez.org/ mailto:[EMAIL PROTECTED] jabber:[EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFAoSStbZTbIaRBRXERAgtLAKCBWyUvHWPoWfYCJ4eGNgL0KeV4uACfaeYP QVHfU+FjScMdxUO67e/DucU= =YFgh -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba