[Samba] Re: SID
Dragan Krnic
dkrnic at googlemail.com
Wed Aug 29 17:07:18 GMT 2007
>>> Is it OK to set the local SID to the same value as
>>> the domain SID, as the quoted posting seems to imply?
>>
>> http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#id365521
>>
>> "... there is now a safe copy of the local machine SID. On a PDC/BDC
>> this is the domain SID also."
>>
>> So, as the documentation says, yes, on a PDC/BDC the machine SID IS
>> equal to the domain SID.
>
> The local SID is the machine SID.
>
> Let it be ultimately clear - only a PDC and BDC may have the samba SID.
> On a PDC and BDC the Domain SID is the same as the machine SID.
Thanks, Edmundo,
Thanks, John,
The difference between a BDC and a member server seems to be mainly
that a BDC can jump in for a crashed PDC and a server member can't.
That means a little more careful configuring but if that would stop it from
barking
unable to map SID: S-1-5-21-NOTORIOUS-DOMAIN-SID-myRID
it would be worth the trouble. Are there performance reasons against
promoting 4 member servers to BDCs to equalize the SIDs?
Tu put it in different words: why would a joined member server still
have problems identifying a regular domain-Joe?
More information about the samba
mailing list