Password policy patch on Samba-3.0.2 for LDAP backend

Jianliang Lu j.lu at tiesse.com
Fri Feb 20 11:20:37 GMT 2004


On Thu Feb 19 22:44:47 GMT 2004, Jim McDonough wrote:

> >I think this is best - but I don't mind an option for always consistent
> >backends.  If we have multi-master, then other things break (rid
> >allocation), so we can't exactly count on that either...
> So you can't really have always consistent backends this way either...
> 
> There's still an issue...how do you properly update the PDC when the BDC
> encounters a bad password.
> 
> On NT, the BDC does a netlogon call to the PDC as though it were a member
> server.  This has several effects:
> - The user can still logon if the password change hasn't yet propagated
> - The PDC will know that a bad password was attempted if it really is bad
> - The PDC (if it is up/contactable) will always have the right count of bad
> passwords.
> 

LDAP master-slave replication could work as well: the BDC will always update
the bad password count on the PDC (referrals on the master) if we set
REFERRALS chasing on the Samba BDC using ldap_set_option(). In this way the
BDC uses the LDAP client API to update the data referred to the LDAP master.

Jianliang

Jianliang Lu
TieSse s.p.a.     Ivrea (To) - Italy
j.lu at tiesse.com   luj at libero.it
http://www.tiesse.com
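
The referral flow described in the message above, as an added example that is not part of the original post and is not Samba or libldap code: a write sent to a read-only slave comes back as a referral, and only a client that chases referrals lands the bad password count on the master. The server URLs, the hop limit and all function names are constructed for this model; a real client would enable chasing with ldap_set_option() and LDAP_OPT_REFERRALS.

```c
/* Constructed model of LDAP referral chasing; no real libldap calls are made. */
#include <stdio.h>
#include <string.h>

#define LDAP_SUCCESS  0x00
#define LDAP_REFERRAL 0x0a    /* result code 10 in RFC 4511 */
#define MAX_HOPS 2            /* hypothetical hop limit, an assumption */

struct server {
    const char *url;          /* constructed URL */
    int read_only;            /* 1 = slave replica */
    const char *referral;     /* where a slave sends writers */
    int bad_pw_count;         /* stand-in for the bad password counter */
};

static struct server master = { "ldap://master.example", 0, NULL, 0 };
static struct server slave  = { "ldap://slave.example", 1, "ldap://master.example", 0 };

/* Only servers known to the client are followed; anything else is refused. */
static struct server *lookup(const char *url) {
    if (strcmp(url, master.url) == 0) return &master;
    if (strcmp(url, slave.url) == 0) return &slave;
    return NULL;
}

/* One modify request as the server sees it. */
static int server_modify(struct server *s, int new_count, const char **ref) {
    if (s->read_only) { *ref = s->referral; return LDAP_REFERRAL; }
    s->bad_pw_count = new_count;
    return LDAP_SUCCESS;
}

/* Client side: chase != 0 models LDAP_OPT_REFERRALS switched on. */
int client_modify(struct server *s, int new_count, int chase) {
    for (int hop = 0; s != NULL && hop <= MAX_HOPS; hop++) {
        const char *ref = NULL;
        int rc = server_modify(s, new_count, &ref);
        if (rc != LDAP_REFERRAL || !chase) return rc;
        s = lookup(ref);      /* reconnect to the referred server */
    }
    return LDAP_REFERRAL;     /* gave up: unknown target or too many hops */
}

int main(void) {
    int rc_off = client_modify(&slave, 1, 0);
    printf("chasing off: rc=%d master count=%d\n", rc_off, master.bad_pw_count);
    int rc_on = client_modify(&slave, 1, 1);
    printf("chasing on:  rc=%d master count=%d\n", rc_on, master.bad_pw_count);
    return 0;
}
```

The slave's own counter stays unchanged in this model until replication from the master would bring the new value back.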

