Bug 3602 - net getdomainsid needs to be documented
Product: Samba 3.0
Classification: Unclassified
Component: net utility
Hardware: All Linux
Importance: P3 normal
Target Milestone: none
Assigned To: Jim McDonough
QA Contact: Samba QA Contact
Reported: 2006-03-13 06:19 UTC by Zrin
Modified: 2006-03-13 12:46 UTC (History)
Description Zrin 2006-03-13 06:19:16 UTC
As I understand it, the net utility should use the
workgroup / domain name for getlocalsid and setlocalsid
functions. Inspection of the debug output of "net"
reveals that the server name (netbios name) is being

server:/etc/samba# net --version         
Version 3.0.14a-Debian

server:/etc/samba# head -4 smb.conf
# Global parameters
        netbios name = SERVER
        workgroup = GCI

server:/etc/samba# net getlocalsid
[2006/03/13 13:12:32, 0] utils/net.c:net_getlocalsid(494)
  Can't fetch domain SID for name: SERVER

server:/etc/samba# net -n GCI getlocalsid                                                                               
SID for domain GCI is: S-1-5-21-3118963520-1179058804-600230318
Comment 1 Jim McDonough 2006-03-13 09:17:04 UTC
Sorry, this seems to be a documentation error.  

net getlocalsid should get the sid of the local machine...it only makes sense.

net getdomainsid gets the sid of the domain, but it does not seem to be in the manpage.  I'll work on the update and forward it on to jht to get in the docs correctly.
Comment 2 Zrin 2006-03-13 10:42:49 UTC
BTW, Samba-Guide only mentions getlocalsid and setlocalsid,
where IIUC the domain SID is a much more important issue.

Thank you for the clarification!
Comment 3 Zrin 2006-03-13 10:48:12 UTC
BTW, Google whacks on getdomainsid and has never heard about setdomainsid ... ;)
Comment 4 Zrin 2006-03-13 10:55:37 UTC
(In reply to comment #3)

Please forget the above comment - search settings have distorted the results...
Comment 5 Jim McDonough 2006-03-13 11:48:52 UTC
removed 'setdomainsid' from the bugzilla summary.  Setting a domain sid doesn't make sense.  You can't change the domain's sid, other than changing it locally on each domain controller, and I don't think this is a function we want to let anyone do easily.  Getting the domain sid, however, does make sense.  Typically, what you actually want to do is:
-get the domain sid (from a domain controller)
-set the local sid to match the domain sid (for setting up a BDC, or to vampire and duplicate a domain)

But I will work on documenting 'getdomainsid'.  It also looks like we may need to do some code change as well, but it should be minor.
Comment 6 Zrin 2006-03-13 12:33:22 UTC
> Typically, what you actually want to do is:
> -get the domain sid (from a domain controller)
> -set the local sid to match the domain sid (for setting up a BDC, or to vampire
> and duplicate a domain)

My experience while migrating a 2.x (P)DC to 3.0.14a and to new hardware at the same time:
(netbios name = SERVER; workgroup = GCI)
- copied all relevant data from the old to the new machine
- taken the old-sid from MACHINE.SID
- net setlocalsid old-sid
clients were (still) not able to log in, the error shown was "machine account missing"
- rpcclient localhost -c lsaquery -U root%secret
this showed a different sid!
- net -n GCI setlocalsid old-sid
now the clients were (and still are) able to log in

perhaps the problem resides somewhere else (as well)?
or is it just sitting in front of the screen? :)
Comment 7 Jim McDonough 2006-03-13 12:46:00 UTC
I will take a look at that scenario...not sure if it's just not setting it properly the first time.  Maybe it's not setting it properly if it's not already set, and the rpcclient for some reason is causing it to generate a 'new' one, and then setlocalsid is working once one already exists?  I'll try out a few scenarios.
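
The manual comparison from comment 6 (the SID one tool reports against the SID another reports), as an added example that is not part of the bug thread and not Samba code. The function names are hypothetical, and the lsaquery sample is constructed with an assumed "Domain Sid:" layout; the two net outputs are the ones quoted in the description.

```shell
#!/bin/sh
# Added example (not from the bug thread): compare the domain SID that
# different Samba tools report, as done by hand in comment 6.

# Output quoted from the bug description.
NET_NO_SID="[2006/03/13 13:12:32, 0] utils/net.c:net_getlocalsid(494)
  Can't fetch domain SID for name: SERVER"
NET_GCI="SID for domain GCI is: S-1-5-21-3118963520-1179058804-600230318"
# Constructed sample; the "Domain Sid:" layout of lsaquery output is assumed.
LSA_OTHER="Domain Name: GCI
Domain Sid: S-1-5-21-1111111111-2222222222-3333333333"

# Print the first domain SID (S-1-5-21 plus three sub-authorities) found in
# the text given as $1; print nothing when there is none. A trailing RID,
# if present, is dropped so only the domain part is compared.
extract_sid() {
    printf '%s\n' "$1" |
        sed -nE 's/.*(S-1-5-21(-[0-9]+){3}).*/\1/p' |
        head -n 1
}

# Print "match", "mismatch" or "missing" for the SIDs found in $1 and $2.
# "missing" covers error output such as "Can't fetch domain SID".
sid_status() {
    a=$(extract_sid "$1")
    b=$(extract_sid "$2")
    if [ -z "$a" ] || [ -z "$b" ]; then
        echo "missing"
    elif [ "$a" = "$b" ]; then
        echo "match"
    else
        echo "mismatch"
    fi
}

echo "net -n GCI vs lsaquery: $(sid_status "$NET_GCI" "$LSA_OTHER")"
echo "net -n GCI vs plain net: $(sid_status "$NET_GCI" "$NET_NO_SID")"
```

On a live server the two arguments would be the captured output of the commands shown in the thread instead of the sample strings.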