[Samba] Re: Transfering Machine Accounts / MACHINE.SID
Andrew Bartlett
abartlet at samba.org
Sat Dec 27 06:45:33 GMT 2003
On Sat, 2003-12-27 at 15:51, Beast wrote:
> Saturday, December 27, 2003, 5:41:37 AM, Andrew wrote:
>
> > On Sat, 2003-12-27 at 07:10, Information Technology wrote:
> >>
> >> My goal is to rebuild my PDC as I mentioned earlier. I stated in another
> >> thread my plan was to create a 3.0.1 BDC; tranfer the accounts; transfer the
> >> shares; then, move the user and system accounts into LDAP. Once the PDC is
> >> rebuild and I need to transfer control back, It should be simple to move the
> >> LDAP first, point the new Samba to the new primary LDAP, and demote the
> >> temporary PDC back down to BDC.
>
> > And to make it a real BDC, setup an LDAP slave.
>
> If I put PDC in slave ldap, is this means that it will update the
> slave (because samaba will bind as ldap-root which has authority of
> updating this replica)?
> No way to prevent samba to using other ldap account to update the
> directory?
You should never list the Manager account as the replicator. Instead,
create a new account, and use it only for the replication. That way,
everybody who is not the replicator account will be forced to talk to
the master.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031227/0eae2358/attachment.bin
More information about the samba
mailing list