[Samba] unique index violation on objectSid on samba ad

Rowland Penny rowlandpenny241155 at gmail.com
Mon Oct 19 13:33:38 UTC 2015


On 19/10/15 14:07, Krutskikh Ivan wrote:
> ok =( Guess I should repeat all the work from scratch. So just to check if
> I got it right:
>
> 1) Create a new container. Provision an AD DC on it. Can I join some machine
> to apply some GPOs and to create users at this point? I'll delete it
> afterwards

Well NO, there is no point.

>
> 2) Power down the container from 1) and use it as a template for every
> other dc I need just by changing ip/dns

NO, clone the container BEFORE you provision Samba; at this point you 
can use it as a template.

>
> 3) Create another template for the second domain. Clone it and attach for
> each new dc from 2)

Why do you need different DCs? If they are all going to be in the same 
realm, you can use 'sites'; if they aren't, then they need to be totally 
different DNS domains and realms. Speaking of which, all machines in a 
realm need to be using the same DNS domain; you seem to be using different 
domains on your original DCs (dc.office.mtt & bdc.tsnr.mtt).

> Will this work? The DCs would work in different LANs.

Don't recommend it.

Rowland

>
> 2015-10-19 15:39 GMT+03:00 Marc Muehlfeld <mmuehlfeld at samba.org>:
>
>> Hello Ivan,
>>
>> On 19.10.2015 at 12:42, Krutskikh Ivan wrote:
>>> I think, I've done something stupid here. At first I've created 2 lxc
>>> containers and provisioned one as dc.office.mtt and joined second one to
>>> the first ad bdc.tsnr.mtt.
>> You should not name your DC something like "backup" (bdc). If the first
>> one (dc) gets lost, you only have one. There's no primary, secondary,
>> etc. in an AD.
>>
>> But this isn't your problem :-)
>>
>>
>>
>>> Then I've cloned those containers several times
>>> and changed IP addresses and DNS names of new containers to different
>>> subnets.
>> This was the mistake you made. Don't join and then clone! DCs have GUIDs
>> inside the AD. If you change the name/IP after the join, you have two
>> hosts with the same GUID in AD and you will of course get replication
>> problems.
>>
>> Is this already in production or just with a large number of
>> users/computers? If not, start from scratch. I think it's much less work
>> and risk to prevent upcoming trouble in future.
>>
>> 1. Install first DC
>> 2. Provision a domain on it
>> 3. Install second DC as template (just install OS + Samba, but don't join!)
>> 4. Clone your machine
>> 5. Give the clone a new hostname and IP
>> 6. Join the cloned machine to the domain
>> 7. Repeat 4-6 for all DCs you want to create.
>>
>>
>>
>> Regards,
>> Marc
>>
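As an added example that is not part of this thread or of Samba's own tooling: a small Python check that scans an LDIF export of the domain's DC objects (for instance the output of `ldbsearch` against the domain database) and reports any objectGUID, objectSid or invocationId value that two different DNs share, which is the cloned-after-join condition Marc describes above. The DNs, GUIDs and SIDs in the embedded LDIF are constructed sample data.

```python
# Flag AD identity attributes that more than one DC object carries. A DC cloned
# after the join keeps the original's objectGUID/objectSid/invocationId, so
# those values appear under two DNs once both clones replicate.
from collections import defaultdict

IDENTITY_ATTRS = ("objectguid", "objectsid", "invocationid")  # unique per DC

# Constructed sample LDIF, not real output: DC2 was cloned from DC1 after the
# join (same GUID and SID); DC3 was joined cleanly from an unjoined template.
SAMPLE_LDIF = """\
dn: CN=DC1,OU=Domain Controllers,DC=office,DC=mtt
objectGUID: 11111111-2222-3333-4444-555555555555
objectSid: S-1-5-21-1000000000-2000000000-3000000000-1103

dn: CN=DC2,OU=Domain Controllers,DC=office,DC=mtt
objectGUID: 11111111-2222-3333-4444-555555555555
objectSid: S-1-5-21-1000000000-2000000000-3000000000-1103

dn: CN=DC3,OU=Domain Controllers,DC=office,DC=mtt
objectGUID: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
objectSid: S-1-5-21-1000000000-2000000000-3000000000-1104
"""

def parse_ldif(text):
    """Return [(dn, {attr_lower: [values]})]; joins folded continuation lines."""
    records = []
    for block in text.strip().split("\n\n"):
        lines = []
        for line in block.splitlines():
            if line.startswith(" ") and lines:      # LDIF line folding
                lines[-1] += line[1:]
            elif line and not line.startswith("#"):
                lines.append(line)
        dn, attrs = None, defaultdict(list)
        for line in lines:
            name, _, value = (p.strip() for p in line.partition(":"))
            if name.lower() == "dn":                # '::' base64 kept verbatim
                dn = value
            else:
                attrs[name.lower()].append(value)
        if dn:
            records.append((dn, attrs))
    return records

def find_shared_identities(ldif_text, attrs=IDENTITY_ATTRS):
    """Map (attr, value) -> sorted DNs for every value seen on more than one DN."""
    owners = defaultdict(set)
    for dn, rec in parse_ldif(ldif_text):
        for attr in attrs:
            for value in rec.get(attr, []):
                owners[(attr, value)].add(dn)
    return {k: sorted(v) for k, v in owners.items() if len(v) > 1}
```

An empty result means every DC carries its own identity values; any entry names the DNs that were cloned from one another.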



