The Samba-Bugzilla – Bug 3602
net getdomainsid needs to be documented
Last modified: 2006-03-13 12:46:00 UTC
As I understand it, the net utility should use the
workgroup / domain name for getlocalsid and setlocalsid
functions. Inspection of the debug output of "net"
reveals that the server name (netbios name) is being
server:/etc/samba# net --version
server:/etc/samba# head -4 smb.conf
# Global parameters
netbios name = SERVER
workgroup = GCI
server:/etc/samba# net getlocalsid
[2006/03/13 13:12:32, 0] utils/net.c:net_getlocalsid(494)
Can't fetch domain SID for name: SERVER
server:/etc/samba# net -n GCI getlocalsid
SID for domain GCI is: S-1-5-21-3118963520-1179058804-600230318
Sorry, this seems to be a documentation error.
net getlocalsid should get the sid of the local machine...it only makes sense.
net getdomainsid gets the sid of the domain, but it does not seem to be in the manpage. I'll work on the update and forward it on to jht to get in the docs correctly.
BTW, Samba-Guide only mentions getlocalsid and setlocalsid,
where IIUC the domain SID is a much more important issue.
Thank you for clarification!
BTW, Google whacks on getdomainsid and have never heard about setdomainsid ... ;)
(In reply to comment #3)
Please forget the above comment - search settings have distorted the results...
removed 'setdomainsid' from the bugzilla summary. Setting a domain sid doesn't make sense. You can't change the domain's sid, other than changing it locally on each domain controller, and I don't think this is a function we want to let anyone do easily. Getting the domain sid, however, does make sense. Typically, what you actually want to do is:
-get the domain sid (from a domain controller)
-set the local sid to match the domain sid (for setting up a BDC, or to vampire and duplicate a domain)
But I will work on documenting 'getdomainsid'. It also looks like we may need to do some code change as well, but it should be minor.
> Typically, what you actually want to do is:
> -get the domain sid (from a domain controller)
> -set the local sid to match the domain sid (for setting up a BDC, or to vampire
> and duplicate a domain)
My experience while migrating a 2.x (P)DC to 3.0.14a and to new hardware at the same time:
(netbios name = SERVER; workgroup = GCI)
- copied all relevant data from the old to the new machine
- taken the old-sid from MACHINE.SID
- net setlocalsid old-sid
clients were (still) not able to log in, the error shown was "machine account missing"
- rpcclient localhost -c lsaquery -U root%secret
this showed a different sid!
- net -n GCI setlocalsid old-sid
now the clients were (and still are) able to log in
perhaps the problem resides somewhere else (as well)?
or is it just sitting in front of the screen? :)
I will take a look at that scenario...not sure if it's just not setting it properly the first time. Maybe it's not setting it properly if it's not already set, and the rpcclient for some reason is causing it to generate a 'new' one, and then setlocalsid is working once one already exists? I'll try out a few scenarios.
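
The mismatch in the migration report above (the SID written with net setlocalsid versus the one the server returns for lsaquery) can be checked mechanically. The following is an added example, not part of the original thread or of Samba; check_sids and extract_sid are hypothetical helper names, the sample outputs are constructed, and the "Domain Sid:" line format of rpcclient lsaquery is an assumption.

```shell
#!/bin/sh
# Added example: compare the SID expected after a migration with the SID
# that `net getlocalsid` prints and the SID the running server returns.

# Domain/machine SID: S-1-5-21 followed by three numeric sub-authorities.
SID_RE='S-1-5-21-[0-9][0-9]*-[0-9][0-9]*-[0-9][0-9]*'

# Print the first SID found on stdin; print nothing if there is none.
extract_sid() {
    sed -n "/$SID_RE/{s/.*\($SID_RE\).*/\1/p;q;}"
}

# check_sids EXPECTED NET_OUTPUT LSAQUERY_OUTPUT
# returns 0 = consistent, 1 = server answers with another SID,
#         2 = net reports another SID, 3 = an output contains no SID
check_sids() {
    expected=$1
    stored=$(printf '%s\n' "$2" | extract_sid)
    served=$(printf '%s\n' "$3" | extract_sid)
    if [ -z "$stored" ] || [ -z "$served" ]; then
        echo "no SID found in one of the outputs"; return 3
    fi
    if [ "$stored" != "$expected" ]; then
        echo "net reports $stored, expected $expected"; return 2
    fi
    if [ "$served" != "$expected" ]; then
        echo "server answers with $served, expected $expected"; return 1
    fi
    echo "SID consistent: $expected"
}

# Constructed sample data. OLD_SID is the SID quoted in the bug report;
# the second SID is made up to reproduce the mismatch described there.
OLD_SID='S-1-5-21-3118963520-1179058804-600230318'
NET_OUT="SID for domain SERVER is: $OLD_SID"
LSA_BAD='Domain Name: GCI
Domain Sid: S-1-5-21-1111111111-2222222222-3333333333'
LSA_GOOD="Domain Name: GCI
Domain Sid: $OLD_SID"

check_sids "$OLD_SID" "$NET_OUT" "$LSA_BAD" || true
check_sids "$OLD_SID" "$NET_OUT" "$LSA_GOOD" || true
```

On a live system the second and third arguments would be the captured output of net getlocalsid and of the rpcclient lsaquery call shown in the comment.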