Prev: [Samba] wbinfo -a fails plaintext auth; passes challenge/response
Next: [Samba] Samba Domain Controller propegation time
From: Frank Stanek on 29 Apr 2010 06:20
Hello,

I recently noticed a problem on our PDC (samba 3.0.32
on SLES 10 SP2) which I kind of know how to solve after
web research but I am unclear about the possible
consequences for our domain and clients.

The situation is this:
Originally samba was set up on this machine to test. Back
then its hostname was infrahostnew, so there is a SID for
that NETBIOS name in secrets.tdb. When the PDC went in
production, we had to change the hostname to infrahost.
We then provisioned our domain MYDOMAIN. Now there is also
a SID for MYDOMAIN in secrets.tdb which is different than
the SID of infrahostnew. Also there is no SID at all for
the new NETBIOS name infrahost. This causes for example
net getlocalsid to fail.

My research suggests that the NETBIOS name SID of the PDC
infrahost should be the same as the domain SID, is that
correct? Also, I found an article that dealt with inconsistent
SIDs; it suggested to set the NETBIOS SID to be the same
as the domain SID. But this article dealt with the case
that there actually _is_ a NETBIOS SID in secrets.tdb but
it's not the same as the domain SID. This is not our case
however since there is no SID at all for the NETBIOS name.

We haven't noticed any problems because of this at all,
I just stumbled upon it when I went to check the SIDs
routinely. How would you suggest I proceed in this situation?
Should we set the NETBIOS SID to be the same as the domain
SID with net setlocalsid? What possible consequences could
there be? We are very concerned that this may introduce problems
for our clients that we don't have at the moment. But I
wouldn't like to keep things in an inconsistent state like
this either.

I'd be glad for any insights.

Regards
Frank
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
 | 
Pages: 1
Prev: [Samba] wbinfo -a fails plaintext auth; passes challenge/response
Next: [Samba] Samba Domain Controller propegation time