samba - Dec 2010 - changing SID breaks some permissions

I've got a standalone host with an SID that matches exactly a domain 
SID.  for some (fairly obvious) reason, windows machines get confused by 
this, so I need to change one of the two SIDs.  I decided (for 
simplicity's sake) to change the machine.  it broke a bunch of 
permissions in some silent way, and I couldn't solve a printing related 
issue as a result (see my other post).  Clearly there's more to changing 
the SID then just net setlocalsid, as that's what broke stuff.  so the 
question is this:

what else uses that sid, and where does it need to be changed?

On Fri, 2010-12-24 at 11:13 -0800, Christ Schlacta
wrote:
> I've got a standalone host with an SID that matches exactly a domain 
> SID.  for some (fairly obvious) reason, windows machines get confused by 
> this, so I need to change one of the two SIDs.  I decided (for 
> simplicity's sake) to change the machine.  it broke a bunch of 
> permissions in some silent way, and I couldn't solve a printing related
> issue as a result (see my other post).  Clearly there's more to
changing
> the SID then just net setlocalsid, as that's what broke stuff.  so the 
> question is this:
> 
> what else uses that sid, and where does it need to be changed?
The SID is embedded in every security descriptor stored, be it on disk
in a security descriptor or in a database.  In particular this applies
to the registry which stores printer details. 

I fear it will be difficult to find and fix all the instances, but
others who are more involved in this code regularly may wish to
comment. 

In short, you may be better to re-configure this workstation from
scratch. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.