Large number of users (was: Cannot add machine with latest C
Gerald Carter
cartegw at Eng.Auburn.EDU
Mon May 31 12:46:59 GMT 1999
Daniel Fonseca wrote:
>
> As for the machine "cloning" process, I must say I never
> cared about the per machine SID, and just dumped my way
> out of disk images and been cheerfuly using with no
> harm whatsoever - and a year has gone by.
The problem with cloning and not changing the SID's will
appear in
* network browsing
* access from local accounts
The second is more serious I think. I haven't tested
this bu consider the following case. The local admin
account always has a RID of 500. A user's SID is determined by
appending the RID to the local machine SID. If the local
machine SID is the same then the local admin fullt qualified
SID will be the same as well. Since RID's are generated
incrementally starting at 1000, you can see the same behaviour
with normal user accounts. Of course validation would still be
required but you could imagine the potential consequences.
Cheers,
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry at eng.auburn.edu http://www.eng.auburn.edu/users/cartegw
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
More information about the samba-ntdom
mailing list