[Samba] Proper sysvol replication solution...

Rowland Penny rowlandpenny at googlemail.com
Fri Aug 22 15:49:50 MDT 2014


On 22/08/14 22:27, steve wrote:
> On Fri, 2014-08-22 at 22:46 +0200, Achim Gottinger wrote:
>> On 22.08.2014 22:28, Rowland Penny wrote:
>>>>> You mean like the reverse of whatever happens to create the entries
>>>>> in idmap.ldb ?
>>>>>
>>>>> Rowland
>>>>>
>>>> Yes,
>>>>
>>>> For your example in the other mail "getent group" would return
>>>>
>>>> S-1-5-32-544:*:3000000
>>>>
>>>> on the dc and
>>>>
>>>> S-1-5-32-544:*:2000
>>>>
>>> That would be good, but it would be better if it was:
>>>
>>> administrators:*:3000000
>>>
>>> on the dc and
>>>
>>> administrators:*:2000
>>>
>>> Rowland
>>>
>> Odd thing is the SID to name mapping is already there
>> (librpc/idl/security.idl) for well-known SIDs and RIDs. Makes it even
>> more strange that only BUILTIN groups had been implemented by the patch.
>>
>> @steve you would force the users to reserve a predefined range of
>> numbers in their user management for Windows standard groups and users.
> That's exactly what we are trying to avoid. A range of possible values.
>
The problem that I see is that at the moment xids start at 3000000 and
end at 4000000, so you need to either start your users at 4000001 or
start your users at 10000 (as Windows does) and (if you have enough
users) jump around the xid range. If the builtin/xid range was below
10000, then it wouldn't be a problem.

Rowland


