[Samba] Issue with SambaNTPassword not replicating

[stephen mulcahy]

Hi,

I set up a Samba PDC/BDC configuration some time ago using LDAP as 
configured here - http://www.atlanticlinux.ie/blog/?p=25

The configuration has been working without problems for a few months now 
but we have noticed one issue. When users take their laptop from the 
network the PDC is serving to the networking the BDC is serving - they 
sometimes have problems logging in.

A dig through the BDC logs indicates the following error

[2008/12/09 12:02:30, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
   _net_auth2: creds_server_check failed. Rejecting auth request from 
client XXXX machine account XXXX$

Comparing the LDAP records on the PDC and the BDC for system XXXX I see 
that the following fields are different

sambaNTPassword: 64AF0BD8913B5BD2F6B92201B2AFD071
sambaPwdLastSet: 1226922777

on the PDC and BDC LDAP servers. It looks like the PDC has a newer 
sambaNTPassword than the BDC which would seem to explain the domain 
authentication problems.

I'm wondering why only the sambaNTPassword field is not getting 
replicated properly though. Is this a known issue with Samba in PDC/BDC 
config or do I need to look to OpenLDAP? I'll post some config files if 
someone has any input but didn't want to clutter this mail with excess 
detail.

Thanks for any comment,

-stephen




-- 
Stephen Mulcahy       Applepie Solutions Ltd.      http://www.aplpi.com
Registered in Ireland, no. 289353 (5 Woodlands Avenue, Renmore, Galway)