information about "user manager for domains", local machines and , domains.
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Tue Apr 7 16:26:33 GMT 1998
this message is cross-posted to both samba-technical and samba-ntdom.

just realised something, but wanted to a) check it with other people b)
make sure those who _need_ to know do know.

it means that we need a shift in thinking (well, i do, anyway :-) and some
additional programming.

run "usrmgr.exe" for domains (nt server only). select a _machine_ not a
domain. you get the machine's local accounts up, as if you had run the
program "musrmgr.exe" which is available only for nt workstation.

this ties in with what i mentioned a while back about nt workstations and
nt stand-alone servers. namely, that the LsaQueryInfoPolicy call with
level 3 gives you the domain that the machine is a member of, along with
the domain SID; LsaQueryInfoPolicy with level 5 gives you the
_workstation_ name, along with what is presumably the _workstation's_ SID.

oops.

in other words, we need a new parameter "machine sid" as well as "domain
sid". or _do_ we. i think we probably need to have samba generate the
sids (randomly) in an untouchable file, with dire warnings added to it as
to the consequences of modifying / deleting it.

samba should generate the machine or domain sid depending on whether it is
configured as a "domain controller" or a "domain member". once and only
once.

hey, wouldn't it be great to have a PDC that you didn't have to reboot if
you changed the domain name, or made it a BDC instead of a PDC? (small dig
here...)

luke
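
Added example, not part of the original message and not Samba code: a sketch of the "generate the SID randomly, once and only once, in a protected file" idea proposed above. The file names, role names and warning text are hypothetical, and the S-1-5-21-x-y-z layout is the usual NT form, assumed here because the message does not state it.

```python
import os
import re
import secrets
import tempfile

# Usual NT layout for machine and domain SIDs (assumed, not from the message).
SID_RE = re.compile(r"S-1-5-21-(\d{1,10})-(\d{1,10})-(\d{1,10})")
WARNING = "# generated once; editing or deleting this file orphans every account SID\n"

def new_sid():
    """Build a random SID from three 32-bit sub-authorities."""
    return "S-1-5-21-" + "-".join(str(secrets.randbits(32)) for _ in range(3))

def valid_sid(text):
    """True if text is S-1-5-21 followed by three values that fit in 32 bits."""
    m = SID_RE.fullmatch(text)
    return bool(m) and all(int(g) <= 0xFFFFFFFF for g in m.groups())

def load_or_create_sid(directory, role):
    """Return the stored SID for role, generating it only if no file exists.

    role is "domain" (configured as domain controller) or "machine"
    (configured as domain member); both names are hypothetical.
    """
    if role not in ("domain", "machine"):
        raise ValueError("role must be 'domain' or 'machine'")
    path = os.path.join(directory, role + ".sid")
    try:
        # O_EXCL makes creation fail if the file is already there, so an
        # existing SID is never overwritten; 0o600 keeps it owner-only.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        with open(path) as f:
            lines = [s.strip() for s in f]
        sids = [s for s in lines if s and not s.startswith("#")]
        # A damaged file is an error, never a reason to mint a new SID.
        if len(sids) != 1 or not valid_sid(sids[0]):
            raise RuntimeError(path + " is damaged; refusing to regenerate")
        return sids[0]
    sid = new_sid()
    with os.fdopen(fd, "w") as f:
        f.write(WARNING + sid + "\n")
    return sid

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:   # constructed scratch directory
        first = load_or_create_sid(d, "machine")
        print(first, first == load_or_create_sid(d, "machine"))
```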