Samba 3.0 alpha and LDAP: some questions

PINTO ELIA PINTO.ELIA at INSEDIA.INTERBUSINESS.IT
Wed Oct 2 11:02:00 GMT 2002


Hi all

We are migrating from an AS/U (Advanced Server for Unix)/NT environment to
Samba/NT, using Samba 3.0 alpha19.
We have implemented a domain with Samba acting as both PDC and BDC. We also
use OpenLDAP as the Samba backend in multimaster replication to achieve SAM
synchronization between the PDC and BDC. At the moment not all our
requirements are satisfied. We'd like to have your help to overcome the
obstacles. The following questions were raised during our implementation:

	1)	The Samba schema does not include the domain groups and the
		domain SID. Is it scheduled to include these in the Samba
		schema? I think that would be useful (no local Secrets.tdb
		and group_mapping.tdb to replicate via rsync).
	2)	About the BDC: could I update the user accounts when the PDC
		is down? Is the BDC read-only for the SAM, like NT?
	3)	We have dumped the SAM database from the AS/U server to
		fully migrate our environment to Samba. We've seen that some
		machine accounts and interdomain trust accounts have the
		lanman password length = 0, lm password null and ntpasswd
		not null.
		How would Samba interpret that behavior? Does that mean we
		should put "NO PASSWORDxxx..." or "disabled" for those
		accounts? I have also found that after removing lmPassword
		from the Samba LDAP interdomain trust account (with
		ldapmodify) the trust seems to work, but is this the right
		thing to do?
	4)	What does the acctFlag for "MNS logon account" mean?


We hope you could kindly give us some suggestions. At the end of our project
we'd like to publish our experiences if they could contribute to the Samba
community.
 



