> What I ended up doing was to use an LDAP browser
> and edit the domain accounts for each machine to
> have the same SID.

We're not using LDAP, but we can manipulate the trivial database file "secrets.tdb" to set the local SID to any sensible SID. Is it OK to set the local SID to the same value as the domain SID?

In our network the PDC server has the same local SID as the domain SID. All other member servers register the same domain SID for the domain and a totally different local SID for themselves in "secrets.tdb". This works quite well, except that sometimes there is an entry in the Samba logs that a domain-qualified user SID with correct RID for an existing user with the same UID=(RID-1000)/2 and same GIDs on all member servers can't be mapped to his name, e.g.

[2007/08/21 20:48:26, 0] smbd/posix_acls.c:create_canon_ace_lists(1421)
  create_canon_ace_lists: unable to map SID S-1-5-21-3574958883-2392404172-2943802112-2590 to uid or gid.

whereby RID=2590 translates to UID=795, a well-known user in our domain S-1-5-21-3574958883-2392404172-2943802112.

Is it OK to set the local SID to the same value as the domain SID, as the quoted posting seems to imply?
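
A triage script for the log entry quoted in the message above, added here as an example; it is not part of the original post and not Samba code. It splits each unmapped SID into its domain part and RID, checks the domain part against the expected domain SID, and applies the UID=(RID-1000)/2 rule from the post. The function names, the treatment of odd offsets as group RIDs, and the second and third sample log lines are assumptions.

```python
import re

# Rule stated in the post: UID = (RID - 1000) / 2.
RID_BASE = 1000
# Domain SID as given in the post.
DOMAIN_SID = "S-1-5-21-3574958883-2392404172-2943802112"

UNMAPPED = re.compile(r"unable to map SID (S-1-5-21(?:-\d+){3})-(\d+) to uid or gid")

# First entry is the one from the post; the other two are constructed samples.
SAMPLE_LOG = """\
[2007/08/21 20:48:26, 0] smbd/posix_acls.c:create_canon_ace_lists(1421)
  create_canon_ace_lists: unable to map SID S-1-5-21-3574958883-2392404172-2943802112-2590 to uid or gid.
[2007/08/21 20:49:02, 0] smbd/posix_acls.c:create_canon_ace_lists(1421)
  create_canon_ace_lists: unable to map SID S-1-5-21-1111111111-2222222222-3333333333-2591 to uid or gid.
[2007/08/21 20:49:40, 0] smbd/posix_acls.c:create_canon_ace_lists(1421)
  create_canon_ace_lists: unable to map SID S-1-5-21-3574958883-2392404172-2943802112-513 to uid or gid.
"""

def triage_line(line, domain_sid=DOMAIN_SID):
    """Return a dict describing one unmapped SID, or None if the line has none."""
    m = UNMAPPED.search(line)
    if not m:
        return None
    sid_prefix, rid = m.group(1), int(m.group(2))
    entry = {"sid_prefix": sid_prefix, "rid": rid,
             "in_domain": sid_prefix == domain_sid,
             "kind": None, "unix_id": None}
    if rid >= RID_BASE:
        offset = rid - RID_BASE
        # Assumption: even offsets are users, odd offsets are groups.
        entry["kind"] = "user" if offset % 2 == 0 else "group"
        entry["unix_id"] = offset // 2
    return entry

def triage_log(text, domain_sid=DOMAIN_SID):
    """Triage every 'unable to map SID' entry in a block of smbd log text."""
    return [e for e in (triage_line(l, domain_sid) for l in text.splitlines()) if e]

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        where = "domain SID" if e["in_domain"] else "other SID (local or foreign)"
        ident = f'{e["kind"]} id {e["unix_id"]}' if e["kind"] else "below RID base"
        print(f'RID {e["rid"]:>5}  {where:<28} {ident}')
```

An entry whose prefix is not the domain SID points at a member server's local SID or a foreign domain rather than a missing domain account.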
