[Samba] Re: Transferring Machine Accounts / MACHINE.SID

Beast indorama at rad.net.id
Mon Dec 29 11:28:00 GMT 2003


Monday, December 29, 2003, 5:52:20 PM, Andrew wrote:

> Have you actually tried this?  Really, we are not in the business of
> creating solutions that simply don't work.  Many production sites
> (mine included) rely on our LDAP code, including the behaviour that
> allows DCs to bind to slave ldap servers, rebinding to the master when
> required.  Indeed, we recently integrated the 'ldap replication
> sleep' parameter to assist in this process.

Tried what? ;-)

Setup:
   unix password sync = yes
   passwd program = /usr/local/sbin/ldap-passwd.pl %u

Note: ldap-passwd.pl is a custom script to modify the userpassword attribute,
     modify master server/able to chase referrals if any.

BDC -> Slave Openldap:

1. ldapmanager as replica account.
User was able to change password from Win WS.
ldap-passwd.pl updates master, samba updates slave.

2. ldapmanager not as replica account.
- User unable to change password; the error from Windows is "you did not have
permission to change your password".
- Running smbpasswd to change the user password also gives an error.

But I did not try:
 passdb backend = ldapsam:"ldap://slave ldap://master"
Will it solve my problem?

Another question:
At what interval do clients change their machine password? Is it
triggered from the client or the server?


--beast 


