Samba 3.0 alpha and LDAP: some questions
PINTO.ELIA at INSEDIA.INTERBUSINESS.IT
Wed Oct 2 11:02:00 GMT 2002
We are migrating from an AS/U (Advanced Server for Unix)/NT environment to
Samba/NT, using Samba 3.0 alpha19.
We have implemented a domain with Samba acting as both PDC and BDC. We also
use OpenLDAP as the Samba backend in multimaster replication to achieve
SAM synchronization between the PDC and BDC. At the moment not all our
requirements are satisfied. We'd like to have your help to overcome the
obstacles. The following questions were raised during our implementation:
1) Samba schema does not include the Domain groups and the domain SID.
Is it scheduled to include these in the Samba schema? I think that is
useful (no local Secrets.tdb and group_mapping.tdb to replicate via rsync)
2) About BDC, could I update the user accounts when the PDC is
down? Is the BDC read-only like NT for the SAM?
3) We have dumped the SAM database from the AS/U server to
fully migrate our environment to Samba. We've seen that some machine
accounts and interdomain trust accounts have the lanman password length = 0,
lm password null and ntpasswd not null.
How would Samba interpret that behavior? Does that mean we
should put "NO PASSWORDxxx...", or "disabled" for those accounts? I have
also found that after removing lmPassword from the SAMBA LDAP interdomain
trust account (with ldapmodify) the trust seems to work, but is this the
right thing to do?
4) What does the acctFlag for "MNS logon account" mean?
We hope you could kindly give us some suggestions. At the end of our project
we'd like to publish our experiences if they could contribute to the Samba