[Samba] BUILTIN not mapping on DC

steve steve at steve-ss.com
Mon Apr 28 16:30:40 MDT 2014


On Mon, 2014-04-28 at 22:39 +0100, Rowland Penny wrote:

> >>
> >> 3000000 ---> CN=S-1-5-32-544
> >> 3000001 ---> CN=S-1-5-32-549
> >> 3000002 ---> CN=S-1-5-18
> >> 3000003 ---> CN=S-1-5-11
> >>
> >> now open idmap.ldb on the second DC and carry out the search with the 
> >> second set of numbers:
> >>
> >> 3000000 ---> CN=S-1-5-32-544
> >> 3000012 ---> CN=S-1-5-11
> >> 3000022 ---> CN=S-1-5-32-549
> >> 3000023 ---> CN=S-1-5-18
> >>
> >> and a bit more searching finds out that:
> >>
> >> CN=S-1-5-32-544 ---> Administrators
> >> CN=S-1-5-32-549 ---> Server Operators
> >> CN=S-1-5-18 ---> Local System
> >> CN=S-1-5-11 ---> Authenticated Users
> >>
It's unfortunate that we can't use AD for rfc2307 for these objects as
we can with domain equivalents. I think the OP wants consistent values
across DCs without having to run sysvol reset after syncing, in which
case his copying idmap.ldb to the other DC method from the master seems
like the only way to do it.

Have we got that right? This thread is aiming at:

> >> 3000000 ---> CN=S-1-5-32-544
> >> 3000001 ---> CN=S-1-5-32-549
> >> 3000002 ---> CN=S-1-5-18
> >> 3000003 ---> CN=S-1-5-11
for all DCs?
Cheers,
Steve
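
An added example, not part of the original message: a Python check that compares the xid-to-SID mappings of two DCs and reports which SIDs have drifted. The two lists quoted in the thread are embedded as constructed sample input in the same `xid ---> CN=SID` form; the function names are hypothetical.

```python
import re

# Constructed sample input: the two mapping lists quoted in the thread.
DC1 = """\
3000000 ---> CN=S-1-5-32-544
3000001 ---> CN=S-1-5-32-549
3000002 ---> CN=S-1-5-18
3000003 ---> CN=S-1-5-11
"""
DC2 = """\
3000000 ---> CN=S-1-5-32-544
3000012 ---> CN=S-1-5-11
3000022 ---> CN=S-1-5-32-549
3000023 ---> CN=S-1-5-18
"""
# SID names as given in the thread.
NAMES = {"S-1-5-32-544": "Administrators", "S-1-5-32-549": "Server Operators",
         "S-1-5-18": "Local System", "S-1-5-11": "Authenticated Users"}

# Accepts an optional mail-quote prefix ("> >> ") before the mapping.
LINE = re.compile(r"^\s*(?:>+\s*)*(\d+)\s*-+>\s*CN=(S-1-[\d-]+)\s*$")

def parse(text):
    """Return {sid: xid}; refuse input that maps one SID to two xids."""
    out = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        xid, sid = int(m.group(1)), m.group(2)
        if out.setdefault(sid, xid) != xid:
            raise ValueError(f"{sid} mapped to both {out[sid]} and {xid}")
    return out

def drift(a, b):
    """SIDs present on both DCs whose xid differs: {sid: (xid_a, xid_b)}."""
    return {s: (a[s], b[s]) for s in a.keys() & b.keys() if a[s] != b[s]}

def collisions(a, b):
    """xids that resolve to different SIDs on the two DCs."""
    ra, rb = ({x: s for s, x in m.items()} for m in (a, b))
    return {x: (ra[x], rb[x]) for x in ra.keys() & rb.keys() if ra[x] != rb[x]}

if __name__ == "__main__":
    a, b = parse(DC1), parse(DC2)
    for sid, (xa, xb) in sorted(drift(a, b).items()):
        print(f"{NAMES.get(sid, sid)} ({sid}): DC1={xa} DC2={xb}")
    print("xid collisions:", collisions(a, b) or "none")
```

A collision is the case to watch for: a file owned by that xid on replicated sysvol would resolve to a different principal depending on which DC serves it.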



