As I understand it, the net utility should use the workgroup / domain name for getlocalsid and setlocalsid functions. Inspection of the debug output of "net" reveals that the server name (netbios name) is being used. server:/etc/samba# net --version Version 3.0.14a-Debian server:/etc/samba# head -4 smb.conf # Global parameters [global] netbios name = SERVER workgroup = GCI server:/etc/samba# net getlocalsid [2006/03/13 13:12:32, 0] utils/net.c:net_getlocalsid(494) Can't fetch domain SID for name: SERVER server:/etc/samba# net -n GCI getlocalsid SID for domain GCI is: S-1-5-21-3118963520-1179058804-600230318
Sorry, this seems to be a documentation error. net getlocalsid should get the sid of the local machine...it only makes sense. net getdomainsid gets the sid of the domain, but it does not seem to be in the manpage. I'll work on the update and forward it on to jht to get in the docs correctly.
BTW, Samba-Guide only mentions getlocalsid and setlocalsid, where IIUC domain SID is much more important issue. (http://us3.samba.org/samba/docs/man/Samba-Guide/upgrades.html) Thank you for clarification!
BTW, Google whacks on getdomainsid and have never heared about setdomainsid ... ;)
(In reply to comment #3) Please forget the above comment - search settings have distorted the results...
removed 'setdomainsid' from the bugzilla summary. Setting a domain sid doesn't make sense. You can't change the domain's sid, other than changing it locally on each domain controller, and I don't think this is a function we want to let anyone do easily. Getting the domain sid, however, does make sense. Typically, what you actually want to do is: -get the domain sid (from a domain controller) -set the local sid to match the domain sid (for setting up a BDC, or to vampire and duplicate a domain) But I will work on documenting 'getdomainsid'. It also looks like we may need to do some code change as well, but it should be minor.
> Typically, what you actually want to do is: > -get the domain sid (from a domain controller) > -set the local sid to match the domain sid (for setting up a BDC, or to vampire > and duplicate a domain) My experience while migrating a 2.x (P)DC to 3.0.14a and to new hardware at the same time: (netbios name = SERVER; workgroup = GCI) - copied all relevant data from the old to the new machine - taken the old-sid from MACHINE.SID - net setlocalsid old-sid clients were (still) not able to log in, the error shown was "machine account missing" - rpcclient localhost -c lsaquery -U root%secret this showed a different sid! - net -n GCI setlocalsid old-sid now the clients were (and still are) able to log in prehaps the problem resides somewhere else (as well)? or is it just sitting in front of the screen? :)
I will take a look at that scenario...not sure if it's just not setting it properly the first time. Maybe it's not setting it properly if it's not already set, and the rpcclient for some reason is causing it to generate a 'new' one, and then setlocalsid is working once one already exists? I'll try out afew scenarios.
(In reply to Jim McDonough from comment #5) It is still not documented in docs-xml/manpages/net.8.xml
(In reply to Andrew Bartlett from comment #8) I believe you missed the case! # vim docs-xml/manpages/net.8.xml <refsect2> <title>GETDOMAINSID</title> <para>Prints the local machine SID and the SID of the current domain.</para>
(In reply to Amit Kumar from comment #9) Thanks (I did a lowercase search, oops!). Fixed by 492b4b572ee717fde09e4857b4804cee5385eaca in Samba 3.4.