[Samba] samba PDC & BDC

Sharp, Clint clint.sharp at attws.com
Mon Dec 29 14:33:09 GMT 2003

Machine is added to domain, no problem right, because PDC fields this
whereas BDC handles most of logon chores. What if PDC/LDAP is offline?
Doesn't Machine Add then get added to slave LDAP? How about if user
changes his password? Do I really want the secrets.tdb to have rootdn
PASSWORD? Shouldn't this be a non-rootdn in the BDC's smb.conf with only
sufficient access to see sambaNTPassword & sambaLMPassword with read
only and no write privileges to anything? I.E. PDC down, no password
changes, no new machine accounts.



Usually, it's recommended you set the binddn to something other than
root, but with privileges that can modify anything needed (even on the
PDC).  In a BDC situation, that user canNOT have access to modify
anything (and will be required to be set as the updatedn in the
slapd.conf anyways, if it's a replication slave).
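
Added example, not part of the original post or of the Samba documentation: one way the read-only BDC bind described in this thread could look. The DN cn=samba-bdc, the suffix dc=example,dc=com and the host name are assumptions, and the ACLs would need extending to match a real directory layout.

```conf
# ---- slapd.conf on the slave LDAP server used by the BDC ----
# Password hashes: readable only by the BDC's bind DN, writable by nobody
# through this ACL (cn=samba-bdc is a hypothetical, non-rootdn account).
access to attrs=sambaLMPassword,sambaNTPassword
    by dn.exact="cn=samba-bdc,dc=example,dc=com" read
    by * none

# Keep userPassword usable for simple binds but never readable.
access to attrs=userPassword
    by anonymous auth
    by * none

# Samba also has to read the rest of each account entry (uid, sambaSID, ...).
access to *
    by * read

# ---- smb.conf on the BDC ----
[global]
    domain logons = yes
    domain master = no
    passdb backend = ldapsam:ldap://ldap-slave.example.com
    ldap suffix = dc=example,dc=com
    # Non-rootdn bind account; its password is what "smbpasswd -w" stores
    # in secrets.tdb, so a copied secrets.tdb yields read access only.
    ldap admin dn = cn=samba-bdc,dc=example,dc=com
```

With this bind DN the BDC can validate logons against the slave, while password changes and machine account adds sent to it fail, which is the trade-off raised in the question.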


