[Samba] Proper sysvol replication solution...

steve steve at steve-ss.com
Fri Aug 22 15:34:58 MDT 2014

On Fri, 2014-08-22 at 21:58 +0100, Rowland Penny wrote:
> On 22/08/14 21:46, Achim Gottinger wrote:

> > Odd thing is the sid to name mapping is already there 
> > (librpc/idl/security.idl) for well know sid's and rid's. Makes it even 
> > more strange that only BUILDIN groups had been implemented by the patch.
> >
> > @steve you would force the users to reserve an predefined range of 
> > numbers in their usermanagement for windows standard groups und users.
> And your problem with this is ???
> If people could get their heads around the fact that they do not need 
> any local unix users and just have domain users instead, this would not 
> really be a problem.

This really is very simple. If a user or group has a unix id, than that
id should be the same no matter where it is obtained.

It is a godsend that we can store ids in AD for domain users. It is a
pity that we cannot do this for builtin groups too. There are
workarounds but these look like staying as workarounds, known only to
the small bunch of us here who who actually use dual DCs and GPOs
without the mess that those who do not know get themselves into. 

More information about the samba mailing list