[Samba] Domain SID issue

2005-02-08 Thread Samba List Unetix

Hello

I have a client who historically had a machine name with an underscore
in it: samba_machine
I had to get rid of the underscore names and changed the name
to samba-machine. At the same time I upgraded to samba-3.0.11 to
get a printer queue problem resolved.
Now it seems the Domain SID has changed, so I changed the new SID
back to the old one with net setlocalsid, because on all machines I had
problems with logging in as domain Administrator (which was added as a local
administrator, but with the old SID, so instead of the domain administrator
name the old SID was listed as a local administrator) and moreover, all the
machines seem to have lost their domain account.
But it didn't help, the domain administrator still can't log in on the domain
machines, and the machines still don't recognize their accounts.
So the situation:
All machines and domain administrator have accounts at domain sid : OLD-SID
Apparently the domain sid has changed to : NEW-SID , I try
to set NEW-SID back to OLD-SID with net setlocalsid OLD-SID, 
command net getlocalsid returns now : OLD-SID , instead of NEW-SID
I restored the groupmapping, so all entries in the groupmap list command
show the OLD-SID again, 
net getlocalsid : returns OLD-SID
net getlocalsid DOMAIN : returns OLD-SID
net getlocalsid samba-machine : returns OLD-SID

but :
net rpc info target samba-machine : returns:
Domain Name: DOMAIN
Domain SID: NEW-SID   !

So how is that possible, why does net getlocalsid return the OLD-SID
and net rpc info target samba-machine the NEW-SID?

What can I do (if at all possible) to have the OLD-SID properly accepted as
the domain SID?
And why does the command :
net getlocalsid DOMAIN return :
SID for domain  DOMAIN is: OLD-SID
and returns :
net rpc info target samba-machine :
Domain Name: DOMAIN
Domain SID: NEW-SID ?
Apparently the domain computers use a mechanism conforming to net rpc and
get the NEW-SID returned, which is the wrong SID, instead of the OLD-SID
as set by net setlocalsid.

TIA
Wim Bakker
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Domain SID issue

2005-02-08 Thread Gerald (Jerry) Carter
Samba List Unetix wrote:
| show the OLD-SID again,
| net getlocalsid : returns OLD-SID
| net getlocalsid DOMAIN : returns OLD-SID
| net getlocalsid samba-machine : returns OLD-SID
|
| but :
| net rpc info target samba-machine : returns:
| Domain Name: DOMAIN
| Domain SID: NEW-SID   !
|
| So how is that possible, why does net
| getlocalsid return the OLD-SID and net rpc info
| target samba-machine the NEW-SID?
The SID is read from secrets.tdb upon startup. Did you restart
smbd ?



cheers, jerry
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
I never saved anything for the swim back. Ethan Hawk in Gattaca


Re: [Samba] Domain SID issue

2005-02-08 Thread Samba List Unetix

On Tuesday 08 February 2005 19:55, you wrote:
> Samba List Unetix wrote:
> | show the OLD-SID again,
> | net getlocalsid : returns OLD-SID
> | net getlocalsid DOMAIN : returns OLD-SID
> | net getlocalsid samba-machine : returns OLD-SID
> |
> | but :
> | net rpc info target samba-machine : returns:
> | Domain Name: DOMAIN
> | Domain SID: NEW-SID   !
> |
> | So how is that possible, why does net
> | getlocalsid return the OLD-SID and net rpc info
> | target samba-machine the NEW-SID?
>
> The SID is read from secrets.tdb upon startup. Did you restart
> smbd ?

I did a killall -HUP smbd , but maybe that's not the way to do it,
for an actual restart I have to wait for approval from the local
administrator of that company because there are important
programs running from that server on windows machines that crash
when samba gets restarted, it is not allowed for the samba machine to ever be
down, the upgrade was quite a hassle because samba definitely
had to be restarted, but the benefits of no printer queue problems
anymore were tempting so he agreed.
I'll try to phone him, but he'll be angry because it's 8 in the evening
and he wants quality time with his family, me not, I work 24/7, I'm a robot.

Thanks, I thought already that would be the case, but needed assurance.
I restarted samba and indeed, it now gives the OLD-SID back.
So net getlocalsid retrieves it straight from secrets.tdb and net rpc
inquires the running smbd process which returns the SID it keeps in memory
from reading the secrets.tdb at first start-up ?

Thanks
Wim Bakker


Re: [Samba] Domain SID issue

2005-02-08 Thread Gerald (Jerry) Carter
Samba List Unetix wrote:
| The SID is read from secrets.tdb upon startup. Did you restart
| smbd ?
|
| I did a killall -HUP smbd , but maybe that's not the way to do it,
Nope. it will take an actual restart here.
| So net getlocalsid retrieves it straight from
| secrets.tdb and net rpc inquires the running smbd
| process which returns the SID it keeps in memory
| from reading the secrets.tdb at first start-up ?
Correct.  Unless someone changed the code and I didn't
see it.  That is how it works.

cheers, jerry
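
The check this thread arrives at, as an added example that is not part of the original posts or of Samba itself: compare the SID stored in secrets.tdb (net getlocalsid) with the SID the running smbd hands out (net rpc info) and flag a mismatch. The output formats are the ones quoted above; the sample SIDs are constructed, and check_live with its -S invocation is a hypothetical wrapper that may also need credentials.

```shell
#!/bin/sh
# Added example: detect a domain SID that a running smbd still caches
# after secrets.tdb was changed with net setlocalsid.

# SID from `net getlocalsid [DOMAIN]` output (read straight from secrets.tdb).
sid_on_disk() {
    sed -n 's/^SID for domain .* is: *\(S-[0-9-]*\).*$/\1/p' | head -n 1
}

# SID from `net rpc info` output (answered by the running smbd process).
sid_in_memory() {
    sed -n 's/^Domain SID: *\(S-[0-9-]*\).*$/\1/p' | head -n 1
}

# $1 = getlocalsid output, $2 = rpc info output.
# Returns 0 = in sync, 1 = smbd serves a stale SID, 2 = could not parse.
check_sid_drift() {
    disk=$(printf '%s\n' "$1" | sid_on_disk)
    live=$(printf '%s\n' "$2" | sid_in_memory)
    if [ -z "$disk" ] || [ -z "$live" ]; then
        echo "UNKNOWN: could not parse a SID from one of the outputs"
        return 2
    fi
    if [ "$disk" = "$live" ]; then
        echo "OK: smbd serves $live, same as secrets.tdb"
        return 0
    fi
    echo "STALE: secrets.tdb has $disk, smbd serves $live; restart smbd (SIGHUP is not enough)"
    return 1
}

# Hypothetical live wrapper (assumption): $1 = domain, $2 = server name.
check_live() {
    check_sid_drift "$(net getlocalsid "$1")" "$(net rpc info -S "$2")"
}

# Constructed sample outputs mirroring the OLD-SID / NEW-SID situation.
SAMPLE_DISK='SID for domain  DOMAIN is: S-1-5-21-1111111111-2222222222-3333333333'
SAMPLE_LIVE='Domain Name: DOMAIN
Domain SID: S-1-5-21-4444444444-5555555555-6666666666'

check_sid_drift "$SAMPLE_DISK" "$SAMPLE_LIVE" || true
```

A STALE verdict right after net setlocalsid is the state described in the thread: domain members keep receiving the cached SID until smbd is actually restarted.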