[Samba] Samba 3 as BDC

Andrew Bartlett abartlet at samba.org
Wed Nov 20 12:14:01 GMT 2002


On Wed, 2002-11-20 at 22:53, Ronan Waide wrote:
> On November 20, abartlet at samba.org said:
> > It should work, once you get the SIDs right, for users at least
> > (assuming ldap or rsynced smbpasswd).  Other things are harder to get
> > synced across correctly.
> > 
> > There is some (slightly out of date) documentation in the source distro.
> 
> I'm fighting with this at the moment. net rpc vampire isn't documented
> in the source distro (that I can find, anyway) but for anyone else
> playing with it, it does take a bit of fiddling to make it work. I
> presume there's a way to make all this work without creating Unix
> accounts (LDAP or winbindd) but since I'm trying not to go too far out
> on a limb, I will note that the use-unix-accounts option requires you
> to have working "add machine", "add user", and "add group" scripts. It
> will fail non-obviously if you don't have these (for example, it
> claims to be creating the groups, but doesn't do so, because you've
> not defined the script - this had me stumped for a while).

If you want to contribute some doco or simply a discussion of what you
did and how you did it, it would be most appreciated.

You must use the 'add user' scripts etc - because we don't automatically
create these users, and we don't allow users without a unix id to be
represented.  I might add some more LDAP magic toward this, but that's
how it is for now.  

> The question I'd have, since it's pertinent to what I'm trying to do:
> Is it possible to "net rpc vampire" a PDC, then promote Samba to the
> PDC and demote the Windows box to the BDC? I don't care if syncing
> doesn't work after I've done that, I just need to be able to force
> every machine in the domain to recognise that the PDC is, er, not the
> PDC any more, but I can't take the PDC out of the domain entirely
> because there are other things running on it.

You can't demote to BDC - it will try and sync the passwords, and that
will fail badly.  However, if demoted all the way to domain member, it
should work.  

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
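
A pre-flight check for the silent failure discussed in this thread, as an added example that is not part of the original message or of Samba: it parses smb.conf text and reports which of the "add user", "add machine" and "add group" script parameters are missing from [global] before "net rpc vampire" is run. The function names and the sample configuration are constructed for illustration.

```python
import re

# Parameters the thread says "net rpc vampire" relies on when creating Unix accounts.
REQUIRED = ("add user script", "add machine script", "add group script")

def _norm(name):
    # Samba compares parameter names ignoring case and whitespace.
    return re.sub(r"\s+", "", name).lower()

def global_params(conf_text):
    """Return {normalised name: value} for the [global] section of smb.conf text."""
    params, section, pending = {}, None, ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # backslash continues onto the next line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[_norm(name)] = value.strip()
    return params

def missing_vampire_scripts(conf_text):
    """List required script parameters that are absent or empty in [global]."""
    params = global_params(conf_text)
    return [p for p in REQUIRED if not params.get(_norm(p))]

# Constructed sample: "add group script" is commented out, the case described above.
SAMPLE = """
[global]
   workgroup = EXAMPLE
   ; add group script = /usr/sbin/groupadd %g
   Add User Script = /usr/sbin/useradd -m %u
   add machine script = /usr/sbin/useradd -d /dev/null \\
        -s /bin/false %u

[homes]
   add group script = ignored-here
"""

if __name__ == "__main__":
    for p in missing_vampire_scripts(SAMPLE):
        print("missing in [global]:", p)
```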