Bug 6308 - net sid handling tool broken
net sid handling tool broken
Status: RESOLVED WORKSFORME
Product: Samba 3.3
Classification: Unclassified
Component: Client tools
3.3.4
Other Linux
: P3 major
: ---
Assigned To: Volker Lendecke
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-04-30 13:26 UTC by John H Terpstra
Modified: 2009-05-04 04:43 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John H Terpstra 2009-04-30 13:26:04 UTC
1. On a working Samba-3.3.4 system execute the following and record the values reported:
	net getlocalsid
	net getdomainsid

2. Change the workgroup name

3. stop smbd, nmbd, and winbind

4. delete the secrets.tdb file

5. Start samba daemons: smbd nmbd winbind

6. Reset the original domain sid using:
	net setdomainsid S-1-5-21-xxxxxxxxxxx-xxxxxxxxx-xxxxxxxxx
per the values obtained from 'net getdomainsid'


The error message is:	"Cannot fetch local SID."

This bug is blocking deployment of a commercial Samba server because it is used to ensure that the domain SID does not change when the domain name is modified.

This bug seems to be similar to Bug# 6033.
Comment 1 John H Terpstra 2009-04-30 13:28:21 UTC
Note: This problem is critical for systems that use LDAP as the passwd backend.
Comment 2 Peter Baldwin 2009-05-01 09:05:14 UTC
Give me a few days and I can provide more detail.
Comment 3 Volker Lendecke 2009-05-04 04:43:58 UTC
John, is it possible that by removing secrets.tdb you also deleted the ldap admin password?

I can't reproduce the problem here, so I'm closing it with "worksforme". Please re-open if you can still reproduce the problem after having set the ldap admin pw with smbpasswd -w again, and also having set the local sid with "net setlocalsid".

Volker