[Samba] some question about BDCs

John Du jjohndu at gmail.com
Fri Apr 24 18:19:20 GMT 2009 

Tamás Pisch wrote:
> Hi,
>
> I want to set up SaMBa PDC and BDC with LDAP. I read the TOSHARG2, but don't
> understand something:
>
>   
>> Samba-3 cannot participate in true SAM replication and is therefore not
>>     
> able to employ
>   
>> precisely the same protocols used by MS Windows NT4. A Samba-3 BDC will not
>>     
> create
>   
>> SAM update delta files.
>>     
>
> Ok, I understand until that, but:
>
>   
>> It will not interoperate with a PDC (NT4 or Samba) to synchronize
>> the SAM from delta files that are held by BDCs.
>> The BDC is said to hold a read-only of the SAM from which it is able to
>>     
> process network
>   
>> logon requests and authenticate users. The BDC can continue to provide this
>>     
> service,
>   
>> particularly while, for example, the wide-area network link to the PDC is
>>     
> down.
>
> So, when I have SaMBa PDC (with master LDAP) and BDC (with slave LDAP), can
> BDC update machine and/or user information or not? As I understood, only the
> LDAP solution is suitable for a PDC-BDC setup, because "domain member
> servers and workstations periodically change the Machine Trust Account
> password", so BDC has to update some data.
> As I understood, BDC can change at least Machine Trust Account passwords.
> Additional question: can a user change his/her login password, when he/she
> connected to the BDC (in case PDC is available and in case PDC is
> temporarily unavailable)? I read in TOSHARG2 too that in the BDC's smb.conf,
> I don't need user/group modification scripts, so I guess, I cannot
> add/modify them from the BDC.
>
>   
I have the exact same questions.

I had a PDC usisng a master LDAP server and a few BDCs using slave LDAP 
servers.

Now, I upgraded LDAP to replicate in multi-master mode and set PDC and 
BDCs point to these LDAP servers.  In my current setup, what is the 
difference between the PDC and a BDC?

When an administrator add a computer or user to the domain from a 
Windows machine, how does the Windows machine decides which DC to contact?

I have read the Samba-How-To many times but have never understood this part.

Thanks for clarifying...

John





> Thanks.
>

More information about the samba mailing list