Bug 6308 - net sid handling tool broken
Summary: net sid handling tool broken
Alias: None
Product: Samba 3.3
Classification: Unclassified
Component: Client tools (show other bugs)
Version: 3.3.4
Hardware: Other Linux
: P3 major
Target Milestone: ---
Assignee: Volker Lendecke
QA Contact: Samba QA Contact
Depends on:
Reported: 2009-04-30 13:26 UTC by John H Terpstra (mail address dead(
Modified: 2009-05-04 04:43 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description John H Terpstra (mail address dead( 2009-04-30 13:26:04 UTC
1. On a working Samba-3.3.4 system execute the following and record the values reported:
	net getlocalsid
	net getdomainsid

2. Change the workgroup name

3. stop smbd, nmbd, and winbind

4. delete the secrets.tdb file

5. Start samba daemons: smbd nmbd winbind

6. Reset the original domain sid using:
	net setdomainsid S-1-5-21-xxxxxxxxxxx-xxxxxxxxx-xxxxxxxxx
per the values obtained from 'net getdomainsid'

The error message is:	"Cannot fetch local SID."

This bug is blocking deployment of a commercial Samba server because it is used to ensure that the domain SID does not change when the domain name is modified.

This bug seems to be similar to Bug# 6033.
Comment 1 John H Terpstra (mail address dead( 2009-04-30 13:28:21 UTC
Note: This problem is critical for systems that use LDAP as the passwd backend.
Comment 2 Peter Baldwin 2009-05-01 09:05:14 UTC
Give me a few days and I can provide more detail.
Comment 3 Volker Lendecke 2009-05-04 04:43:58 UTC
John, is it possible that by removing secrets.tdb you also deleted the ldap admin password?

I can't reproduce the problem here, so I'm closing it with "worksforme". Please re-open if you can still reproduce the problem after having set the ldap admin pw with smbpasswd -w again, and also having set the local sid with "net setlocalsid".