Monday, December 19, 2005

samba 3 - getlocalsid

  1. Change the name of your server back to what it was in the smb.conf file and restart Samba.
  2. Use the new net getlocalsid [NAME] and net setlocalsid S-1-5-21-x-y-z commands to change the SID of your Samba server back to what it used to be.

    For example, if samba1 is the old NetBIOS name of your PDC, you can retrieve its SID with the following command, as the SID is still available:

         net getlocalsid samba1
         SID for domain samba1 is: S-1-5-21-3349071909-1695333706-3939217754

    Then you can set your SID correctly with:

         net setlocalsid S-1-5-21-3349071909-1695333706-3939217754

    Of course, a quick way to achieve all that is:

         net setlocalsid `net getlocalsid samba1 | cut -f2 -d:`

    These commands are only available in Samba-3.0alpha20 and beyond.

  3. When Samba 2.2.8 ships, you should also be able to recover your previous SID and replace the existing one with the old one. You do this with the commands smbpasswd -X and smbpasswd -W.

    For example, if samba1 is the old NetBIOS name of your Samba 2.2.8 server, you can retrieve its SID with:

          smbpasswd -X samba1
          SID for domain samba1 is: S-1-5-21-3349071909-1695333706-3939217754

    And you can change the SID of your server with:

          smbpasswd -W S-1-5-21-3349071909-1695333706-3939217754

It turns out that Samba still has the SID in its secrets.tdb file. If you can't remember your server's old name, you can most likely figure it out with the aid of tdbdump.

Firstly, you will need to build tdbdump. You can do this from the Samba source tree:

     cd tdb
     make tdbdump

Then you simply dump your secrets file with tdbdump. The following shows an example.

     ./tdb/tdbdump /usr/local/samba/private/secrets.tdb
     {
     key = "SECRETS/SID/CRAPTESTER"
     data = "\01\04\00\00\00\00\00\05\15\00\00\00\0D\949?\A6Z\8A\7F\C88\B2\88
     \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00
     \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00"
     }
     {
     key = "SECRETS/SID/INTRESTING"
     data = "\01\04\00\00\00\00\00\05\15\00\00\00|\0Ex\04v\E8\F5\19\0Ag,\FF\00
     \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00
     \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00"
     }

You might find your data formatted a little differently to that above.

In any case, you can see the server names that are likely to have been used. They are the last component of the keys starting with SECRETS.

You should note that there will be one entry in your secrets.tdb file of the form SECRETS/SID/ for your domain SID, and one entry of the form SECRETS/SID/ for your server SID. They should be the same.
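
The data values in the dump above are the SIDs themselves in binary form, so they can be decoded directly. The following Python script is an added example, not part of the original post: it assumes the escaping seen in the dump above (a backslash followed by two hex digits for one byte, every other character literal) and the standard binary SID layout, and the function names are my own.

```python
import re
import struct

# Records copied from the tdbdump output above; line wraps joined and the
# trailing \00 padding shortened (the decoder ignores it).
SAMPLE_DUMP = r'''
{
key = "SECRETS/SID/CRAPTESTER"
data = "\01\04\00\00\00\00\00\05\15\00\00\00\0D\949?\A6Z\8A\7F\C88\B2\88\00\00\00\00"
}
{
key = "SECRETS/SID/INTRESTING"
data = "\01\04\00\00\00\00\00\05\15\00\00\00|\0Ex\04v\E8\F5\19\0Ag,\FF\00\00\00\00"
}
'''

def unescape(text):
    """Undo the dump's escaping: \\XX is one byte in hex, anything else is literal."""
    raw = text.replace("\n", "").encode("latin-1")
    return re.sub(rb"\\([0-9A-Fa-f]{2})",
                  lambda m: bytes.fromhex(m.group(1).decode()), raw)

def decode_sid(blob):
    """Binary SID -> 'S-R-A-S1-S2-...' string.

    Layout: revision (1 byte), sub-authority count (1 byte), identifier
    authority (6 bytes, big-endian), then count little-endian 32-bit values.
    """
    if len(blob) < 8:
        raise ValueError("too short for a SID header")
    revision, count = blob[0], blob[1]
    if len(blob) < 8 + 4 * count:
        raise ValueError("truncated sub-authority list")
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, blob, 8)
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def sids_from_dump(dump):
    """Map each SECRETS/SID/<name> key in a tdbdump listing to its SID string."""
    pairs = re.findall(r'key = "SECRETS/SID/([^"]+)"\s*data = "([^"]*)"', dump)
    return {name: decode_sid(unescape(data)) for name, data in pairs}

if __name__ == "__main__":
    for name, sid in sids_from_dump(SAMPLE_DUMP).items():
        print(name, sid)
```

The decoded strings are in the S-1-5-21-x-y-z form that net setlocalsid takes.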


