[Samba] BDC & passwd changes

Andrew Bartlett abartlet at samba.org
Sat Feb 6 02:18:06 MST 2010


On Fri, 2010-02-05 at 10:21 +1100, Mike Fabre wrote:
> Hello
> 
> I have a network setup with one Samba PDC and two Samba BDCs separated
> by routers (ref http://www.cybersource.com.au/users/mikef/samba/). In
> this test environment the Samba servers all use the master OpenLDAP
> server on the PDC, but the production system will have OpenLDAP
> servers (using master-slave replication) on all Samba servers.
> 
> I can't get the Windows XP client to change a password or enroll on
> the domain when connected to either of the BDCs' networks, however
> both functions work fine when connected directly to the PDC's network.
> If the XP client is enrolled onto the domain while connected to the
> PDC's network then it successfully authenticates against the domain on
> all three networks, including after being relocated to either BDC network.
> 
> Anyone got any ideas what my problem might be?

What you need to do is either install a central WINS server, and point
the various networks at that single server, or (my preference) abuse the
separation of 'netbios name space' that your router has created, and
make all the Samba DCs PDCs of their own networks. 

That way, they will all be contacted for password changes, because on
each of their local networks, they hold the DOMAIN#1B name.  

(They need not be read-write OpenLDAP replicas, as Samba happily handles
the referral to the master for writes).

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
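
Added example, not part of the original message or of the Samba project's documentation: the two options from the reply sketched as smb.conf fragments. The domain name EXAMPLEDOM, the address 192.0.2.10 and the LDAP URL are placeholders, and the fragments assume all DCs already share the same domain SID and LDAP suffix, as in the existing PDC/BDC setup.

```ini
# ---- Option 1: one central WINS server for all networks ----
# On the single host chosen as WINS server (placeholder: 192.0.2.10):
[global]
    workgroup = EXAMPLEDOM
    wins support = yes

# On every other Samba DC (never combine "wins support = yes"
# with "wins server" on the same host):
[global]
    workgroup = EXAMPLEDOM
    wins support = no
    wins server = 192.0.2.10
# Windows clients on each routed network must be given the same
# WINS address, otherwise they still only see local broadcasts.

# ---- Option 2: every DC is domain master on its own network ----
# Same fragment on each DC. A BDC would normally carry
# "domain master = no"; setting it to "yes" makes nmbd register
# EXAMPLEDOM<1B> on the local segment, which is the name clients
# look up for password changes and domain joins.
[global]
    workgroup = EXAMPLEDOM
    security = user
    domain logons = yes
    domain master = yes
    preferred master = yes
    local master = yes
    os level = 65
    # Local OpenLDAP replica (placeholder URL). It may be read-only;
    # per the reply above, writes are referred to the master.
    passdb backend = ldapsam:ldap://localhost
# Option 2 only works while the routers keep NetBIOS broadcasts
# separate and no shared WINS server is in use; two hosts claiming
# EXAMPLEDOM<1B> in one name space would conflict.
```

Running `testparm` on each DC after the change checks the file for syntax errors before nmbd and smbd are restarted.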