[Samba] unique index violation on objectSid on samba ad

mathias dufresne infractory at gmail.com
Mon Oct 19 15:52:24 UTC 2015 

The important thing in what says Marc is if you clone (whatever the way
used) your domains, if one person buy two of your devices to put them on
the same network, none will work.

2015-10-19 17:23 GMT+02:00 Krutskikh Ivan <stein.hak at gmail.com>:

> >And if you really want to work with cloning, then provision the first,
> >join the second, do all your change, take a snapshot of both. Then you
> >have the same setup again for the next customer. As long as the
> >customers never will met and two of your systems come into the same
> >network, is is no problem, because the domain would have the same name,
> >SID, etc.
>
> I did more or less so and it resulted in subj problem. I guess some
> experiments is needed
>
>
> 2015-10-19 18:13 GMT+03:00 Marc Muehlfeld <mmuehlfeld at samba.org>:
>
> > Am 19.10.2015 um 16:02 schrieb Krutskikh Ivan:
> > > Let me explain myself here. We ship video surveillance systems with
> > > build-in ad domain controllers on 2 servers. Right now we have 4 active
> > > projects and 3 more this year. Provisioning dc's by hand each time is a
> > > pain I would like to avoid.
> > >
> > > There's not much I want from a domain: groups 'video' and 'video
> admins'
> > to
> > > exist, gpo's to auto redirect user profiles to network share and to
> > prevent
> > > users from video and video admins group from windows login and a some
> > > specific password age settings.
> >
> >
> > What is the reason to ship that system with an DC? I don't know your
> > system, but usually this kind of equipment is something I want to
> > _integrate_ into my network and not run it as a part that manages my
> > network.
> >
> > Why not make it a domain member or standalone system with local users?
> >
> >
> >
> > > But if I would have to do this manually for every new system...
> >
> > You can script very easy around samba-tool the provisining, the join of
> > the second DC, user/group creation, etc.
> >
> >
> > And if you really want to work with cloning, then provision the first,
> > join the second, do all your change, take a snapshot of both. Then you
> > have the same setup again for the next customer. As long as the
> > customers never will met and two of your systems come into the same
> > network, is is no problem, because the domain would have the same name,
> > SID, etc.
> >
> >
> >
> > Regards,
> > Marc
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list