[Samba] Re: Transfering Machine Accounts / MACHINE.SID

Sharp, Clint clint.sharp at attws.com
Mon Dec 29 15:08:16 GMT 2003

> -----Original Message-----
> Tried what? ;-)
> Setup :
>    unix password sync = yes
>    passwd program = /usr/local/sbin/ldap-passwd.pl %u
> Note: ldap-passwd.pl is custom script to modify userpassword 
> attribute,
>      modify master server/able to chase referral if any.
> BDC -> Slave Openldap:
> 1. ldapmanager as replica account.
> User was able to change password from Win WS.
> ldap-passwd.pl update master, samba update slave.
> 2. ldapmanager not as replica account.
> - user unable to change password, err from Windows is "you 
> did not have permision to change your password".
> - run smbpasswd to change user password also giving error.
> but i did not try :
>  passdb backend = ldapsam:"ldap://slave ldap://master"
> Will it solve my problem?
> Another question:
> On what interval client changed their machine password? is it 
> triggered forn client or server?
> --beast 

Passdb backend = ldapsam:"ldap://master ldap://slave" works just fine
for me.  I have the passwd program set to /usr/bin/passwd and Samba
updates the Samba related entries in the Master LDAP (with passwd
updating the posixAccount related entries).  Took me a while to find the
ldapsam:"ldap://master ldap://slave" workaround too, but it's worked
flawlessly for me in production since.


More information about the samba mailing list