On Wed, 11 Jul 2007 Chris Hall (Chris Hall <[EMAIL PROTECTED]>)
wrote
>
>Help...
>
>I'm running Samba v3.0.25b, recently upgraded.
>
>I use tdbsam, winbindd etc.
>
>The Samba machine is a PDC. If the machine is FRED and the domain is
>HOME, should I set up a machine account for FRED and join that to the
>HOME domain ?
>
>Should the machine FRED have its own domain SID ?
>
>Or... is are the machine FRED and the domain HOME one and the same ?
I note that if I discard all configuration and start with an empty
secrets.tdb, then FRED and HOME are set up with the same SID.
I found that to restore the original SID what I had to do was:
* delete secrets.tdb
* net setlocalsid S-x--xxx
this put the SID for FRED into the secrets.tdb.
* net groupmap add ntgroup="Domain Admins" rid=512 unixgroup=DAMN
type=d
which puts the SID for HOME into the secrets.tdb
I cannot help feeling that the Domain and the PDC machine should have
distinct SIDs after all, a BDC will have its own machine SID, and if
promoted to PDC must retain that machine SID ??
Chris
--
Chris Hall @ Home +44 (0)7970 277 383
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
