On Tue, 04 May 2004 13:58:25 +1000 Andrew Bartlett <[EMAIL PROTECTED]> wrote:
> On Tue, 2004-05-04 at 11:46, Anthony Chavez wrote:
>> On Mon, 03 May 2004 19:19:41 -0600 Anthony Chavez <[EMAIL PROTECTED]> wrote:
>> > I just changed the NetBIOS name of my PDC (*not* the name of the domain)
>> > and now the security properties of the domain user profile on my
>> > Win2kSP4 workstation shows "S-1-5-21-..." as the user rather than the
>> > username.
>>
>> It turned out that this particular machine had a very shaky network
>> connection. Please disregard my post. ;-)
>
> However, as a warning to others - this can happen. There was an issue
> (and it still happens for domain members, for their 'local' users) where
> if you rename a Samba machine, it can regenerate the local SAM sid. On
> a PDC, this is also the domain SID.

After I had replaced the cable, I discovered that the problem was that the user was assigned a new SID after all. Fortunately, the affected user stated that trashing the local profile was an option, so I just deleted the local copy and had the workstation snarf a fresh one off the server.

A few questions, however:

1) Is a patch for this issue desirable? Do we *want* users to retain their SIDs after a machine gets a new name? My initial response would be "yes," but I don't consider myself a M$ administration guru.

2a) What would be the "proper" procedure to follow in renaming a PDC?

2b) During a discussion on IRC, it was suggested (after I had already mucked about a bit and brought about the error in the first place) that I configure my new server name in the NetBIOS name parameter and my old one in the NetBIOS alias parameter. I wasn't told that this would actually fix the problem, but I was given the impression that if I were to do that first, then disjoin and rejoin my workstations to the domain, it might. Would it?

3) When I've got multiple workstations involved, one of my biggest concerns is that any changes that happen to the local profile during the name change get propagated to the server. Is this going to have to be done by hand if the SIDs change and the workstation doesn't reassociate the server UID with the new SID?

P.S.: I know what an SID is. No, really. ;-)

P.P.S.: Sorry for not mentioning this in my first post (I'm usually really good about doing so), but FWIW, I'm running 2.2.8a on FreeBSD 4.9-STABLE. I also apologize for not posting my smb.conf---I usually do that as well. I was in a bit of a hurry at the time.

-- 
Anthony Chavez
http://www.anthonychavez.org/
mailto:[EMAIL PROTECTED]
jabber:[EMAIL PROTECTED]