[Samba] unique index violation on objectSid on samba ad

Rowland Penny rowlandpenny241155 at gmail.com
Mon Oct 19 15:58:16 UTC 2015


On 19/10/15 16:23, Krutskikh Ivan wrote:
>> And if you really want to work with cloning, then provision the first,
>> join the second, do all your change, take a snapshot of both. Then you
>> have the same setup again for the next customer. As long as the
>> customers never will meet and two of your systems come into the same
>> network, it is no problem, because the domain would have the same name,
>> SID, etc.
> I did more or less so and it resulted in subj problem. I guess some
> experiments are needed
>
>
> 2015-10-19 18:13 GMT+03:00 Marc Muehlfeld <mmuehlfeld at samba.org>:
>
>> Am 19.10.2015 um 16:02 schrieb Krutskikh Ivan:
>>> Let me explain myself here. We ship video surveillance systems with
>>> built-in ad domain controllers on 2 servers. Right now we have 4 active
>>> projects and 3 more this year. Provisioning dc's by hand each time is a
>>> pain I would like to avoid.
>>>
>>> There's not much I want from a domain: groups 'video' and 'video admins' to
>>> exist, gpo's to auto redirect user profiles to network share and to prevent
>>> users from video and video admins group from windows login and some
>>> specific password age settings.
>>
>> What is the reason to ship that system with a DC? I don't know your
>> system, but usually this kind of equipment is something I want to
>> _integrate_ into my network and not run it as a part that manages my
>> network.
>>
>> Why not make it a domain member or standalone system with local users?
>>
>>
>>
>>> But if I would have to do this manually for every new system...
>> You can script very easily around samba-tool the provisioning, the join of
>> the second DC, user/group creation, etc.
>>
>>
>> And if you really want to work with cloning, then provision the first,
>> join the second, do all your change, take a snapshot of both. Then you
>> have the same setup again for the next customer. As long as the
>> customers never will meet and two of your systems come into the same
>> network, it is no problem, because the domain would have the same name,
>> SID, etc.
>>
>>
>>
>> Regards,
>> Marc
>>

Will your appliance need to connect to other machines? Or is it a
standalone thing?
What I am trying to get at is, will it run as a domain controller for
other machines? If not, then it sounds like overkill to me and it also
sounds a bit like the machine I have for our CCTV cameras, it outputs to
a monitor (in our case, a TV) and stores everything on a hard drive, a
bit like a NAS with eyes :-D

Rowland
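
The scripted alternative to cloning mentioned in the quoted reply (provision the first DC, join the second, create the groups), as an added example that is not part of the original thread: each customer gets a freshly provisioned domain and therefore its own domain SID. The realm and domain arguments and the MAX_PWD_AGE default are constructed placeholders, and DRY_RUN is a helper variable of this sketch, not a samba-tool option.

```shell
#!/bin/sh
# Added example: provision each customer's DC pair from scratch so every
# deployment gets its own domain SID, instead of restoring one cloned image.
# Realm/domain values passed in are constructed placeholders.
set -eu

DRY_RUN=${DRY_RUN:-1}          # 1 = only print the commands, 0 = execute them
MAX_PWD_AGE=${MAX_PWD_AGE:-90} # days; placeholder for the site's password age

# Print the command in dry-run mode (arguments shown unquoted), else run it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# First DC: new domain (new SID), then the groups and the password policy.
provision_first_dc() {
    realm=$1
    domain=$2
    # No --adminpass: samba-tool then generates a random Administrator
    # password and prints it, keeping the secret out of this script and argv.
    run samba-tool domain provision --realm="$realm" --domain="$domain" \
        --server-role=dc --dns-backend=SAMBA_INTERNAL
    run samba-tool group add video
    run samba-tool group add "video admins"
    run samba-tool domain passwordsettings set --max-pwd-age="$MAX_PWD_AGE"
    # Consistency check of the new database, including objectSid attributes.
    run samba-tool dbcheck --cross-ncs
}

# Second DC: join the domain created above (prompts for the password).
join_second_dc() {
    dnsdomain=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    run samba-tool domain join "$dnsdomain" DC -U Administrator
}
```

Run `provision_first_dc CUST1.EXAMPLE.COM CUST1` on the first server and `join_second_dc CUST1.EXAMPLE.COM` on the second; with the default DRY_RUN=1 the commands are only printed for review.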



