[Samba] unique index violation on objectSid on samba ad

Krutskikh Ivan stein.hak at gmail.com
Tue Oct 20 04:44:09 UTC 2015


We actually sell whole systems with isolated lan and centralized
authentication and password management. Typically about 7 servers and 5
workstations.

2015-10-19 18:58 GMT+03:00 Rowland Penny <rowlandpenny241155 at gmail.com>:

> On 19/10/15 16:23, Krutskikh Ivan wrote:
>
>>> And if you really want to work with cloning, then provision the first,
>>> join the second, do all your change, take a snapshot of both. Then you
>>> have the same setup again for the next customer. As long as the
>>> customers never will meet and two of your systems come into the same
>>> network, it is no problem, because the domain would have the same name,
>>> SID, etc.
>>>
>> I did more or less so and it resulted in subj problem. I guess some
>> experiments are needed
>>
>>
>> 2015-10-19 18:13 GMT+03:00 Marc Muehlfeld <mmuehlfeld at samba.org>:
>>
>>> On 19.10.2015 at 16:02, Krutskikh Ivan wrote:
>>>
>>>> Let me explain myself here. We ship video surveillance systems with
>>>> build-in ad domain controllers on 2 servers. Right now we have 4 active
>>>> projects and 3 more this year. Provisioning dc's by hand each time is a
>>>> pain I would like to avoid.
>>>>
>>>> There's not much I want from a domain: groups 'video' and 'video admins' to
>>>> exist, gpo's to auto redirect user profiles to network share and to prevent
>>>> users from video and video admins group from windows login and some
>>>> specific password age settings.
>>>>
>>>
>>> What is the reason to ship that system with a DC? I don't know your
>>> system, but usually this kind of equipment is something I want to
>>> _integrate_ into my network and not run it as a part that manages my
>>> network.
>>>
>>> Why not make it a domain member or standalone system with local users?
>>>
>>>
>>>
>>>> But if I would have to do this manually for every new system...
>>>>
>>> You can script very easily around samba-tool the provisioning, the join of
>>> the second DC, user/group creation, etc.
>>>
>>>
>>> And if you really want to work with cloning, then provision the first,
>>> join the second, do all your change, take a snapshot of both. Then you
>>> have the same setup again for the next customer. As long as the
>>> customers never will meet and two of your systems come into the same
>>> network, it is no problem, because the domain would have the same name,
>>> SID, etc.
>>>
>>>
>>>
>>> Regards,
>>> Marc
>>>
>>>
> Will your appliance need to connect to other machines ? or is it a
> standalone thing ?
> What I am trying to get at is, will it run as a domain controller for
> other machines, if not, then it sounds like overkill to me and it also
> sounds a bit like the machine I have for our CCTV cameras, it outputs to a
> monitor (in our case, a TV) and stores everything on a hard drive, a bit
> like a NAS with eyes :-D
>
> Rowland
>
>
>
>
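
The scripted route mentioned in the quoted reply (provision the first DC, join the second, create the groups) could look like the sketch below. It is an added example, not code posted by anyone in this thread; the realm and domain arguments are supplied by the caller, and `MAX_PWD_AGE=90` is a constructed placeholder for the password age setting.

```shell
#!/bin/sh
# Added example, not from the thread. Realm/domain names are supplied by the caller;
# MAX_PWD_AGE=90 is a constructed placeholder for the "password age settings".
DRY_RUN="${DRY_RUN:-1}"          # 1 = print commands only, 0 = execute them
MAX_PWD_AGE="${MAX_PWD_AGE:-90}"

# Run a command, or in dry-run mode print it with the admin password masked.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        line=""
        for arg in "$@"; do
            case "$arg" in --adminpass=*) arg="--adminpass=***" ;; esac
            line="${line:+$line }$arg"
        done
        printf '%s\n' "$line"
    else
        "$@"
    fi
}

# First DC: fresh provision, so every customer domain gets its own SID.
first_dc() {   # $1 = realm, $2 = NetBIOS domain name
    : "${ADMIN_PASS:?set ADMIN_PASS to a per-customer password}"
    run samba-tool domain provision --use-rfc2307 --realm="$1" --domain="$2" \
        --server-role=dc --dns-backend=SAMBA_INTERNAL --adminpass="$ADMIN_PASS" || return 1
    run samba-tool group add "video" || return 1
    run samba-tool group add "video admins" || return 1
    run samba-tool domain passwordsettings set --max-pwd-age="$MAX_PWD_AGE"
}

# Second DC: join the freshly provisioned domain (prompts for the password).
second_dc() {  # $1 = realm
    run samba-tool domain join "$1" DC -U Administrator --dns-backend=SAMBA_INTERNAL
}

case "${1:-}" in
    first)  first_dc "$2" "$3" ;;
    second) second_dc "$2" ;;
esac
```

With `DRY_RUN=1` (the default) the script only prints the command sequence, so it can be reviewed per customer before being run with `DRY_RUN=0` on the target hosts.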
