On 09/02/2023 04:16, itdept_head via samba wrote:> > This is a little complex? > Since one domain is a rename of the other. (testing rename tool for working out a full procedure) > Renamed an old domain, but want to be able to access the NAS that are bound to the old domain. > The NAS can only be bound to 1 domain. > Which means there needs to be a trust. From the new renamed domain to the old domain > so that the NAS can send the request to the new domain that then routes the request to the old domain. > It?s needed so that the new domain groups can be reconstructed on the NAS & tested, before removal of the old groups > > > Could this perhaps be due to the SID?Very probably, when you 'rename' something, you just rename the names (and then not all of them), so your newly renamed domain will probably have the same domain SID as the old one. Rowland
Very probably, when you 'rename' something, you just rename the names
(and then not all of them), so your newly renamed domain will probably
have the same domain SID as the old one.
Rowland
Ok so why does this not work... Or any combination .
net getdomainsid
SID for domain ORG is: S-1-5-21-1054434277-4207674981-198073344
rm -rf /usr/local/samba/private/secrets.tdb
net setdomainsid S-1-5-21-1154434277-4207674981-198173344
net setlocalsid S-1-5-21-1154434277-4207674981-198173344
net getdomainsid
SID for domain ORG is: S-1-5-21-1054434277-4207674981-198073344
tdbdump /usr/local/samba/private/secrets.tdb
{
key(16) = "SECRETS/SID/DC01"
data(68) =
"\01\04\00\00\00\00\00\05\15\00\00\00\E5D\CFDe\06\CC\FA\A0\E2\CF\0B\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00"
}
{
key(15) = "SECRETS/SID/ORG"
data(68) =
"\01\04\00\00\00\00\00\05\15\00\00\00\E5D\CFDe\06\CC\FA\A0\E2\CF\0B\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00"
}
Thanks