[Samba] Proper sysvol replication solution...

Ryan Ashley ryana at reachtechfp.com
Fri Aug 22 18:26:36 MDT 2014

So you can use rsync without messing up the UID/GID stuff, but what 
about unison? I have no issues on my domains with dual DCs using 
unison. The problem with rsync is that it is one-way. I always have to 
do all work on the same DC and sync to the other. Unison doesn't care 
and syncs both ways. So is it a viable solution? So far I have not 
NOTICED any issues, but I honestly haven't spent a day looking for any 

On 8/22/2014 7:37 PM, Achim Gottinger wrote:
> On 23.08.2014 00:40, steve wrote:
>> On Fri, 2014-08-22 at 23:48 +0200, Achim Gottinger wrote:
>>> Well you talked about well known rids earlier. The well known sids are
>>> the same on all domains, rids are always prefixed with the domain sid.
>>> To prove myself wrong, these do resolve well and cause no problems.
>>> As for the sids (builtin/security) the only problem on the linux side
>>> is that they do not resolve at all to a gid. It is not necessary that
>>> they resolve to the same gid on every machine, they just must resolve to
>>> a number.
>> No. They must resolve to the same number. If it's 3000000 on DC1 and you
>> rsync it across to DC2 where the same group is mapped to 3000001, it is
>> a mess. Your GPOs will fail.
> If a group resolves to 3000000 on DC1 and to 3000001 on DC2 and you 
> use -o -g during rsync, a file owned by
> 3000000 will be owned by 3000001 after it got rsynced from dc1 to dc2.
> The gpo will continue to work.
>>>   If a group resolves to different gids at two systems rsync
>>> will take care of the number replacement; if not, the gid will be the same.
>> rsync cannot map builtins because they are not available via nss!
> That is what I mean by they do not resolve.
>>> achim~
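
The two cases argued over in the quoted exchange, as an added example that is not part of the thread or of Samba: a small model of rsync's documented `-o -g` behaviour (map by name, fall back to the sender's numeric id when the id has no name on the sender or no match on the receiver), used to flag sysvol files whose gid would mean a different SID on the receiving DC. The domain SID, group name, gid allocations and paths are constructed; the absence of builtins from NSS is taken from the thread.

```python
# Added illustration; domain SID, gid allocations and paths are constructed.
DA = "S-1-5-21-1111-2222-3333-512"   # Domain Admins under a placeholder domain SID
BA = "S-1-5-32-544"                  # BUILTIN\Administrators (well-known SID)
BU = "S-1-5-32-545"                  # BUILTIN\Users (well-known SID)

# SID -> gid, allocated independently on each DC
DC1_IDMAP = {DA: 3000000, BA: 3000002}
DC2_IDMAP = {DA: 3000001, BA: 3000003, BU: 3000002}
# gid -> group name visible through NSS; builtins absent, as the thread states
DC1_NSS = {3000000: "EXAMPLE\\domain admins"}
DC2_NSS = {3000001: "EXAMPLE\\domain admins"}
FILES = [("Policies/{GPO-PLACEHOLDER}/GPT.INI", 3000000),
         ("Policies/{GPO-PLACEHOLDER}/Machine", 3000002)]


def rsync_dest_gid(src_gid, src_nss, dst_nss, numeric_ids=False):
    """gid the receiver ends up with under rsync -g (or with --numeric-ids)."""
    if numeric_ids:
        return src_gid
    name = src_nss.get(src_gid)
    if name is None:                      # no name on the sender: copy the number
        return src_gid
    dst_by_name = {n: g for g, n in dst_nss.items()}
    return dst_by_name.get(name, src_gid)  # no match on the receiver: copy the number


def audit(files, src_nss, dst_nss, src_idmap, dst_idmap):
    """Return files whose gid maps to a different SID after the transfer."""
    src_sid = {g: s for s, g in src_idmap.items()}
    dst_sid = {g: s for s, g in dst_idmap.items()}
    findings = []
    for path, gid in files:
        new_gid = rsync_dest_gid(gid, src_nss, dst_nss)
        want, got = src_sid.get(gid), dst_sid.get(new_gid)
        if want != got:
            findings.append((path, gid, new_gid, want, got))
    return findings


if __name__ == "__main__":
    for path, gid, new_gid, want, got in audit(
            FILES, DC1_NSS, DC2_NSS, DC1_IDMAP, DC2_IDMAP):
        print(f"{path}: gid {gid} -> {new_gid}, SID {want} becomes {got}")
```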
