Krutskikh Ivan
2015-Oct-19 15:23 UTC
[Samba] unique index violation on objectSid on samba ad
> And if you really want to work with cloning, then provision the first,
> join the second, do all your change, take a snapshot of both. Then you
> have the same setup again for the next customer. As long as the
> customers never will meet and two of your systems come into the same
> network, it is no problem, because the domain would have the same name,
> SID, etc.

I did more or less so and it resulted in subj problem. I guess some experiments are needed.

2015-10-19 18:13 GMT+03:00 Marc Muehlfeld <mmuehlfeld at samba.org>:

> On 19.10.2015 at 16:02, Krutskikh Ivan wrote:
> > Let me explain myself here. We ship video surveillance systems with
> > built-in ad domain controllers on 2 servers. Right now we have 4 active
> > projects and 3 more this year. Provisioning dc's by hand each time is a
> > pain I would like to avoid.
> >
> > There's not much I want from a domain: groups 'video' and 'video admins'
> > to exist, gpo's to auto redirect user profiles to network share and to
> > prevent users from video and video admins group from windows login and
> > some specific password age settings.
>
> What is the reason to ship that system with a DC? I don't know your
> system, but usually this kind of equipment is something I want to
> _integrate_ into my network and not run it as a part that manages my
> network.
>
> Why not make it a domain member or standalone system with local users?
>
> > But if I would have to do this manually for every new system...
>
> You can script very easy around samba-tool the provisioning, the join of
> the second DC, user/group creation, etc.
>
> And if you really want to work with cloning, then provision the first,
> join the second, do all your change, take a snapshot of both. Then you
> have the same setup again for the next customer. As long as the
> customers never will meet and two of your systems come into the same
> network, it is no problem, because the domain would have the same name,
> SID, etc.
>
> Regards,
> Marc
mathias dufresne
2015-Oct-19 15:52 UTC
[Samba] unique index violation on objectSid on samba ad
The important thing in what Marc says is if you clone (whatever the way used) your domains, if one person buys two of your devices to put them on the same network, none will work.

2015-10-19 17:23 GMT+02:00 Krutskikh Ivan <stein.hak at gmail.com>:

> > And if you really want to work with cloning, then provision the first,
> > join the second, do all your change, take a snapshot of both. Then you
> > have the same setup again for the next customer. As long as the
> > customers never will meet and two of your systems come into the same
> > network, it is no problem, because the domain would have the same name,
> > SID, etc.
>
> I did more or less so and it resulted in subj problem. I guess some
> experiments are needed.
>
> 2015-10-19 18:13 GMT+03:00 Marc Muehlfeld <mmuehlfeld at samba.org>:
>
> > On 19.10.2015 at 16:02, Krutskikh Ivan wrote:
> > > Let me explain myself here. We ship video surveillance systems with
> > > built-in ad domain controllers on 2 servers. Right now we have 4 active
> > > projects and 3 more this year. Provisioning dc's by hand each time is a
> > > pain I would like to avoid.
> > >
> > > There's not much I want from a domain: groups 'video' and 'video admins'
> > > to exist, gpo's to auto redirect user profiles to network share and to
> > > prevent users from video and video admins group from windows login and
> > > some specific password age settings.
> >
> > What is the reason to ship that system with a DC? I don't know your
> > system, but usually this kind of equipment is something I want to
> > _integrate_ into my network and not run it as a part that manages my
> > network.
> >
> > Why not make it a domain member or standalone system with local users?
> >
> > > But if I would have to do this manually for every new system...
> >
> > You can script very easy around samba-tool the provisioning, the join of
> > the second DC, user/group creation, etc.
> >
> > And if you really want to work with cloning, then provision the first,
> > join the second, do all your change, take a snapshot of both. Then you
> > have the same setup again for the next customer. As long as the
> > customers never will meet and two of your systems come into the same
> > network, it is no problem, because the domain would have the same name,
> > SID, etc.
> >
> > Regards,
> > Marc
Rowland Penny
2015-Oct-19 15:58 UTC
[Samba] unique index violation on objectSid on samba ad
On 19/10/15 16:23, Krutskikh Ivan wrote:

>> And if you really want to work with cloning, then provision the first,
>> join the second, do all your change, take a snapshot of both. Then you
>> have the same setup again for the next customer. As long as the
>> customers never will meet and two of your systems come into the same
>> network, it is no problem, because the domain would have the same name,
>> SID, etc.
>
> I did more or less so and it resulted in subj problem. I guess some
> experiments are needed.
>
> 2015-10-19 18:13 GMT+03:00 Marc Muehlfeld <mmuehlfeld at samba.org>:
>
>> On 19.10.2015 at 16:02, Krutskikh Ivan wrote:
>>> Let me explain myself here. We ship video surveillance systems with
>>> built-in ad domain controllers on 2 servers. Right now we have 4 active
>>> projects and 3 more this year. Provisioning dc's by hand each time is a
>>> pain I would like to avoid.
>>>
>>> There's not much I want from a domain: groups 'video' and 'video admins'
>>> to exist, gpo's to auto redirect user profiles to network share and to
>>> prevent users from video and video admins group from windows login and
>>> some specific password age settings.
>>
>> What is the reason to ship that system with a DC? I don't know your
>> system, but usually this kind of equipment is something I want to
>> _integrate_ into my network and not run it as a part that manages my
>> network.
>>
>> Why not make it a domain member or standalone system with local users?
>>
>>> But if I would have to do this manually for every new system...
>>
>> You can script very easy around samba-tool the provisioning, the join of
>> the second DC, user/group creation, etc.
>>
>> And if you really want to work with cloning, then provision the first,
>> join the second, do all your change, take a snapshot of both. Then you
>> have the same setup again for the next customer. As long as the
>> customers never will meet and two of your systems come into the same
>> network, it is no problem, because the domain would have the same name,
>> SID, etc.
>>
>> Regards,
>> Marc

Will your appliance need to connect to other machines? Or is it a standalone thing?

What I am trying to get at is, will it run as a domain controller for other machines? If not, then it sounds like overkill to me and it also sounds a bit like the machine I have for our CCTV cameras: it outputs to a monitor (in our case, a TV) and stores everything on a hard drive, a bit like a NAS with eyes :-D

Rowland
Krutskikh Ivan
2015-Oct-20 04:44 UTC
[Samba] unique index violation on objectSid on samba ad
We actually sell whole systems with isolated lan and centralized authentication and password management. Typically about 7 servers and 5 workstations.

2015-10-19 18:58 GMT+03:00 Rowland Penny <rowlandpenny241155 at gmail.com>:

> On 19/10/15 16:23, Krutskikh Ivan wrote:
>
>>> And if you really want to work with cloning, then provision the first,
>>> join the second, do all your change, take a snapshot of both. Then you
>>> have the same setup again for the next customer. As long as the
>>> customers never will meet and two of your systems come into the same
>>> network, it is no problem, because the domain would have the same name,
>>> SID, etc.
>>
>> I did more or less so and it resulted in subj problem. I guess some
>> experiments are needed.
>>
>> 2015-10-19 18:13 GMT+03:00 Marc Muehlfeld <mmuehlfeld at samba.org>:
>>
>>> On 19.10.2015 at 16:02, Krutskikh Ivan wrote:
>>>> Let me explain myself here. We ship video surveillance systems with
>>>> built-in ad domain controllers on 2 servers. Right now we have 4 active
>>>> projects and 3 more this year. Provisioning dc's by hand each time is a
>>>> pain I would like to avoid.
>>>>
>>>> There's not much I want from a domain: groups 'video' and 'video admins'
>>>> to exist, gpo's to auto redirect user profiles to network share and to
>>>> prevent users from video and video admins group from windows login and
>>>> some specific password age settings.
>>>
>>> What is the reason to ship that system with a DC? I don't know your
>>> system, but usually this kind of equipment is something I want to
>>> _integrate_ into my network and not run it as a part that manages my
>>> network.
>>>
>>> Why not make it a domain member or standalone system with local users?
>>>
>>>> But if I would have to do this manually for every new system...
>>>
>>> You can script very easy around samba-tool the provisioning, the join of
>>> the second DC, user/group creation, etc.
>>>
>>> And if you really want to work with cloning, then provision the first,
>>> join the second, do all your change, take a snapshot of both. Then you
>>> have the same setup again for the next customer. As long as the
>>> customers never will meet and two of your systems come into the same
>>> network, it is no problem, because the domain would have the same name,
>>> SID, etc.
>>>
>>> Regards,
>>> Marc
>
> Will your appliance need to connect to other machines? Or is it a
> standalone thing?
>
> What I am trying to get at is, will it run as a domain controller for
> other machines? If not, then it sounds like overkill to me and it also
> sounds a bit like the machine I have for our CCTV cameras: it outputs to a
> monitor (in our case, a TV) and stores everything on a hard drive, a bit
> like a NAS with eyes :-D
>
> Rowland
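
Added example, not part of any message in the thread: a sketch of the samba-tool scripting Marc suggests, provisioning each customer's domain fresh so that it gets its own domain SID instead of a cloned one. The function names, the customer realm and the password age are assumptions; by default the script only prints the commands.

```sh
#!/bin/sh
# Added example, not from the thread: provision each customer's domain fresh
# instead of cloning, so every deployment gets its own domain SID.
# Function names and sample values are hypothetical.

MAX_PWD_AGE="${MAX_PWD_AGE:-90}"   # constructed value; the thread gives none

# Accept only letters, digits, dot and hyphen, since the plan is later eval'ed.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Commands for the first DC. $1 = realm (DNS domain), $2 = NetBIOS domain.
plan_dc1() {
    valid_name "$1" && valid_name "$2" || return 1
    cat <<EOF
samba-tool domain provision --realm=$1 --domain=$2 --server-role=dc --dns-backend=SAMBA_INTERNAL --adminpass="\$ADMINPASS"
samba-tool group add video
samba-tool group add 'video admins'
samba-tool domain passwordsettings set --max-pwd-age=$MAX_PWD_AGE
EOF
}

# Command for the second DC, which joins rather than being cloned. $1 = realm.
plan_dc2() {
    valid_name "$1" || return 1
    cat <<EOF
samba-tool domain join $1 DC -U Administrator --password="\$ADMINPASS"
EOF
}

# Print the plan (default) or execute it when APPLY=1 and ADMINPASS is set.
run_plan() {
    while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            [ -n "${ADMINPASS:-}" ] || { echo "ADMINPASS not set" >&2; return 1; }
            eval "$cmd" || return 1
        else
            printf '+ %s\n' "$cmd"
        fi
    done
}

# Dry run for one constructed customer:
plan_dc1 cust01.example.com CUST01 | run_plan
```

Set APPLY=1 and export ADMINPASS on the target DC to execute the plan. The password is then visible in the process arguments while samba-tool runs, so run it only on the appliance being built.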