Large number of users (was: Cannot add machine with latest C

Gerald Carter cartegw at Eng.Auburn.EDU
Mon May 31 12:46:59 GMT 1999

Daniel Fonseca wrote:
> As for the machine "cloning" process, I must say I never 
> cared about the per machine SID, and just dumped my way 
> out of disk images and been cheerfully using with no 
> harm whatsoever - and a year has gone by. 

The problem with cloning and not changing the SID's will
appear in 

	* network browsing
	* access from local accounts

The second is more serious I think.  I haven't tested 
this but consider the following case.  The local admin 
account always has a RID of 500.  A user's SID is determined by
appending the RID to the local machine SID.   If the local 
machine SID is the same then the local admin fully qualified 
SID will be the same as well.  Since RID's are generated 
incrementally starting at 1000, you can see the same behaviour
with normal user accounts.  Of course validation would still be
required but you could imagine the potential consequences.

                            Gerald ( Jerry ) Carter	
Engineering Network Services                           Auburn University 
jerry at   

       "...a hundred billion castaways looking for a home."
                                  - Sting "Message in a Bottle" ( 1979 )
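
Added example, not part of the original post: a small Python audit that decodes binary machine SIDs from a host inventory, reports hosts sharing one machine SID, and lists the local account SIDs (RID 500 and the first user RID 1000, as described above) that are therefore identical on every clone. The host names, SID values and function names are constructed for illustration.

```python
import struct
from collections import defaultdict

ADMIN_RID = 500          # built-in local admin account, per the post
FIRST_USER_RID = 1000    # ordinary account RIDs start here, per the post

def sid_to_str(raw: bytes) -> str:
    """Decode a binary SID: revision, sub-authority count, 48-bit big-endian
    identifier authority, then little-endian 32-bit sub-authorities."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)

def account_sid(machine_sid: str, rid: int) -> str:
    """A local account SID is the machine SID with the RID appended."""
    return "%s-%d" % (machine_sid, rid)

def find_clones(inventory: dict) -> dict:
    """Map each machine SID shared by more than one host to those hosts."""
    by_sid = defaultdict(list)
    for host, raw in inventory.items():
        by_sid[sid_to_str(raw)].append(host)
    return {sid: sorted(h) for sid, h in by_sid.items() if len(h) > 1}

def make_machine_sid(a: int, b: int, c: int) -> bytes:
    """Build a constructed S-1-5-21-a-b-c machine SID in binary form."""
    return bytes([1, 4]) + (5).to_bytes(6, "big") + struct.pack("<4I", 21, a, b, c)

# Constructed sample inventory: LAB01 and LAB02 come from the same disk image.
INVENTORY = {
    "LAB01": make_machine_sid(1111111111, 2222222222, 3333333333),
    "LAB02": make_machine_sid(1111111111, 2222222222, 3333333333),
    "LAB03": make_machine_sid(4100000001, 4100000002, 4100000003),
}

if __name__ == "__main__":
    for sid, hosts in find_clones(INVENTORY).items():
        print("shared machine SID", sid, "on", ", ".join(hosts))
        for rid in (ADMIN_RID, FIRST_USER_RID):
            print("  identical on every clone:", account_sid(sid, rid))
```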
