[Samba] unique index violation on objectSid on samba ad
Krutskikh Ivan
stein.hak at gmail.com
Mon Oct 19 15:23:56 UTC 2015
>And if you really want to work with cloning, then provision the first,
>join the second, do all your change, take a snapshot of both. Then you
>have the same setup again for the next customer. As long as the
>customers never will met and two of your systems come into the same
>network, is is no problem, because the domain would have the same name,
>SID, etc.
I did more or less so and it resulted in subj problem. I guess some
experiments is needed
2015-10-19 18:13 GMT+03:00 Marc Muehlfeld <mmuehlfeld at samba.org>:
> Am 19.10.2015 um 16:02 schrieb Krutskikh Ivan:
> > Let me explain myself here. We ship video surveillance systems with
> > build-in ad domain controllers on 2 servers. Right now we have 4 active
> > projects and 3 more this year. Provisioning dc's by hand each time is a
> > pain I would like to avoid.
> >
> > There's not much I want from a domain: groups 'video' and 'video admins'
> to
> > exist, gpo's to auto redirect user profiles to network share and to
> prevent
> > users from video and video admins group from windows login and a some
> > specific password age settings.
>
>
> What is the reason to ship that system with an DC? I don't know your
> system, but usually this kind of equipment is something I want to
> _integrate_ into my network and not run it as a part that manages my
> network.
>
> Why not make it a domain member or standalone system with local users?
>
>
>
> > But if I would have to do this manually for every new system...
>
> You can script very easy around samba-tool the provisining, the join of
> the second DC, user/group creation, etc.
>
>
> And if you really want to work with cloning, then provision the first,
> join the second, do all your change, take a snapshot of both. Then you
> have the same setup again for the next customer. As long as the
> customers never will met and two of your systems come into the same
> network, is is no problem, because the domain would have the same name,
> SID, etc.
>
>
>
> Regards,
> Marc
>
More information about the samba
mailing list