[Samba] Joining Second DC error -- NT_STATUS_CONNECTION_RESET

Marc Muehlfeld mmuehlfeld at samba.org
Wed Aug 20 15:05:43 MDT 2014


On 20.08.2014 21:59, Rowland Penny wrote:
>>> 3. Do we have a way to back up DC users and groups or the updated computer
>>> password :)
>> The user/group stuff you can export via LDAP (at least most
>> attributes). And you can write a script that creates the users via
>> samba-tool again. But you can't restore the SID this way.
>
> Hi, are you sure about the SID ? I have never used it, but 'samba-tool
> domain provision --help' shows this:
> 
> --domain-sid=SID      set domainsid (otherwise random)

The domain SID you can set during provisioning. But I meant the SID (RID)
of accounts/groups.

# samba-tool user add ....

doesn't have anything to create a user/group with a defined RID.

And I'm not sure if this is possible at all, when I'm thinking about
it. Because the RIDs for newly created objects are taken from the RID
pool. Every DC has a pool of 500 RIDs (when empty, the pool is filled
with the next free 500 RIDs from the RID Master). So if, e.g., an account
is created with a defined RID on DC1, but this RID is one that is in the
free RID pool of DC2, this would cause trouble. The same trouble would
happen if you manually edited the objectSID.


Regards,
Marc
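
The RID pool conflict described in the message above, as an added example that is not part of the original message and is not Samba code. It is a simplified model: the class and function names are hypothetical, the starting RID of 1000 is a constructed value, and a shared dictionary stands in for the replicated directory.

```python
POOL_SIZE = 500  # pool size per DC, as stated in the message above


class RidMaster:
    """Hands out the next free block of RIDs (simplified model)."""

    def __init__(self, first_free=1000):  # constructed starting value
        self.next_free = first_free

    def allocate_pool(self):
        lo = self.next_free
        self.next_free += POOL_SIZE
        return iter(range(lo, self.next_free))


class DC:
    def __init__(self, name, master, directory):
        self.name, self.master, self.directory = name, master, directory
        self.pool = iter(())  # empty until the first account is created

    def _next_rid(self):
        for rid in self.pool:  # take the next RID from the local pool
            return rid
        self.pool = self.master.allocate_pool()  # pool empty: refill
        return next(self.pool)

    def add_account(self, account, forced_rid=None):
        # forced_rid models "create the object with a defined RID"
        rid = self._next_rid() if forced_rid is None else forced_rid
        self.directory.setdefault(rid, []).append((self.name, account))
        return rid


def duplicate_rids(directory):
    """Return every RID that ended up assigned to more than one object."""
    return {rid: objs for rid, objs in directory.items() if len(objs) > 1}


def demo():
    directory = {}  # RID -> [(dc, account)]
    master = RidMaster()
    dc1, dc2 = DC("DC1", master, directory), DC("DC2", master, directory)
    dc1.add_account("alice")  # DC1 receives pool 1000-1499
    dc2.add_account("bob")    # DC2 receives pool 1500-1999
    dc1.add_account("restored", forced_rid=1502)  # lies in DC2's free pool
    dc2.add_account("carol")  # 1501
    dc2.add_account("dave")   # 1502 again: two objects, one SID
    return duplicate_rids(directory)
```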

