ClearFoundation Tracker - ClearOS | |||||
| View Issue Details | |||||
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0006181 | ClearOS | app-samba - Windows Networking | public | 2015-11-12 15:10 | 2020-03-02 09:44 |
| Reporter | dloper | ||||
| Assigned To | |||||
| Priority | normal | Severity | trivial | Reproducibility | always |
| Status | closed | Resolution | suspended | ||
| Platform | OS | OS Version | |||
| Product Version | |||||
| Target Version | Fixed in Version | ||||
| Summary | 0006181: Full BDC functionality | ||||
| Description | Backup domain controllers should use the SID of the domain for their localsid. This is necessary for using a BDC as a domain controller on a remote LAN. Without this, current BDCs are not able to authenticate users. This becomes particularly painful on remote networks where local authentication is required. Samba documentation has this to say: "The following operation is useful only for machines that are being configured as a PDC or a BDC. DMS and workstation clients should have their own machine SID to avoid any potential namespace collision. Here is the way that the BDC SID can be synchronized to that of the PDC (this is the default NT4 domain practice also):root# net rpc getsid -S FRODO -Uroot%not24get" (DMS means domain member server) All workstations joined to the domain already have the domain SID set to the same as the domain. This statement means that the localSID should be the same and when performing this in real world scenarios where the BDC is offsite, it resolves domain join and authentication issues. While the documentation states that 'net rpc getsid -S SERVERNAME -Uwinadmin%password' should perform the task, it doesn't work. Per the suggestion of the documentation where this appears (https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html [^]), it would be wise to backup the localsid before replacing it in case a server ever needs to be removed as a BDC/PDC on the network. net getlocalsid > /etc/samba/my-sid -or- net getlocalsid > /var/lib/samba/deprecated-local-sid As a note, once this is done on the BDC, anyone logging into the domain controller will be given the logon scripts from the local netlogon. which should be enabled if enabled on the PDC and replicated. Currently it is disabled on the BDC as a share. Change: Available = No -to- Available = Yes | ||||
| Steps To Reproduce | |||||
| Additional Information | |||||
| Tags | No tags attached. | ||||
| Relationships | |||||
| Attached Files | |||||
| Issue History | |||||
| Date Modified | Username | Field | Change | ||
| 2015-11-12 15:10 | dloper | New Issue | |||
| 2016-02-16 12:54 | user2 | Status | new => acknowledged | ||
| 2016-02-16 12:54 | user2 | Target Version | 6.7.0 Updates => 6.8.0 Updates | ||
| 2017-01-03 10:50 | user2 | Product Version | 6.7.0 => | ||
| 2017-01-03 10:50 | user2 | Target Version | 6.8.0 Updates => 7.4.0 Beta 1 | ||
| 2017-08-18 10:02 | user2 | Target Version | 7.4.0 Beta 1 => 7.4.0 Updates | ||
| 2018-02-12 10:22 | user2 | Target Version | 7.4.0 Updates => | ||
| 2020-03-02 09:44 | NickH | Note Added: 0013221 | |||
| 2020-03-02 09:44 | NickH | Status | acknowledged => closed | ||
| 2020-03-02 09:44 | NickH | Resolution | open => suspended | ||
| Notes | |||||
|
|
|||||
|
|
||||