[Samba] Re: Workstation Trust Accounts

Steve Langasek vorlon at netexpress.net
Thu Jan 23 16:47:01 GMT 2003

On Thu, Jan 23, 2003 at 04:45:08PM +0100, Nicki Messerschmidt, Linksystem Muenchen GmbH wrote:
> Steve Langasek wrote:
> >> I have a really ugly problem, which, as I know is partially selfmade.
> >> But to the problem:
> >> I have five servers running samba-2.2.3a-12 (latest Debian Woody
> >> release) which are controlled by one master server. All of the five
> >> servers act as pdc for an own nt-domain. Now to keep the
> administrative
> >> work as low as possible I have this one master server. Via this
> server
> >> we/our customer adds/deletes all user accounts. This works as
> expected
> >> and cvs is my friend here. The users can change their passwords via
> nt,
> >> because the scripts for "passwd program" manage this part.
> > Set 'domain master = no', but 'domain logons = yes', on all of the
> > "PDCs" except the master.  In an NT4-style domain, it's really not
> > feasible to have more than one *primary* domain controller.
> Let me guess. If I do it this way samba acts as a pdc but the clients do
> not try to update their accounts? Are there any drawbacks using this
> technique?

That makes them act as BDCs instead of all trying to be a PDC.  Trying to
deploy multiple PDCs in an NT4 domain and syncing between them will
introduce nasty race conditions that should be avoided.

Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20030123/2116d5dc/attachment.bin

More information about the samba mailing list