samba - Jul 2007 - Samba PDC, v3.0.25b, tdbsam: should Server have its own SID etc ?

Help...

I'm running Samba v3.0.25b, recently upgraded.

I use tdbsam, winbindd etc.

The Samba machine is a PDC.  If the machine is FRED and the domain is 
HOME, should I set up a machine account for FRED and join that to the 
HOME domain ?

Should the machine FRED have its own domain SID ?

Or... is are the machine FRED and the domain HOME one and the same ?

Thanks,

Chris
-- 
Chris Hall   @ Home                                  +44 (0)7970 277 383

On Wed, 11 Jul 2007 Chris Hall (Chris Hall <chris.hall@halldom.com>)
wrote
>
>Help...
>
>I'm running Samba v3.0.25b, recently upgraded.
>
>I use tdbsam, winbindd etc.
>
>The Samba machine is a PDC.  If the machine is FRED and the domain is
>HOME, should I set up a machine account for FRED and join that to the
>HOME domain ?
>
>Should the machine FRED have its own domain SID ?
>
>Or... is are the machine FRED and the domain HOME one and the same ?
I note that if I discard all configuration and start with an empty
secrets.tdb, then FRED and HOME are set up with the same SID.

I found that to restore the original SID what I had to do was:

  * delete secrets.tdb

  * net setlocalsid S-xxxxx-xxxx-xxx

    this put the SID for FRED into the secrets.tdb.

  * net groupmap add ntgroup="Domain Admins" rid=512 unixgroup=DAMN
        type=d

    which puts the SID for HOME into the secrets.tdb

I cannot help feeling that the Domain and the PDC machine should have
distinct SIDs.... after all, a BDC will have its own machine SID, and if
promoted to PDC must retain that machine SID ??

Chris
-- 
Chris Hall   @ Home                                  +44 (0)7970 277 383