The Samba-Bugzilla – Bug 6308
net sid handling tool broken
Last modified: 2009-05-04 04:43:58 UTC
1. On a working Samba-3.3.4 system execute the following and record the values reported:
2. Change the workgroup name
3. stop smbd, nmbd, and winbind
4. delete the secrets.tdb file
5. Start samba daemons: smbd nmbd winbind
6. Reset the original domain sid using:
net setdomainsid S-1-5-21-xxxxxxxxxxx-xxxxxxxxx-xxxxxxxxx
per the values obtained from 'net getdomainsid'
The error message is: "Cannot fetch local SID."
This bug is blocking deployment of a commercial Samba server because it is used to ensure that the domain SID does not change when the domain name is modified.
This bug seems to be similar to Bug# 6033.
Note: This problem is critical for systems that use LDAP as the passwd backend.
Give me a few days and I can provide more detail.
John, is it possible that by removing secrets.tdb you also deleted the ldap admin password?
I can't reproduce the problem here, so I'm closing it with "worksforme". Please re-open if you can still reproduce the problem after having set the ldap admin pw with smbpasswd -w again, and also having set the local sid with "net setlocalsid".