[Samba] Re: Workstation Trust Accounts

Nicki Messerschmidt, Linksystem Muenchen GmbH n.messerschmidt at buero.link-m.de
Fri Jan 24 18:00:30 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Steve Langasek wrote:
> Nicki Messerschmidt wrote:
>>> Steve Langasek wrote:
>>>> Let me guess. If I do it this way samba acts as a pdc but the
>>>> clients do not try to update their accounts? Are there any
>>>> drawbacks using this technique?
>>> That makes them act as BDCs instead of all trying to be a PDC.
>>> Trying to deploy multiple PDCs in an NT4 domain and syncing
>>> between them will introduce nasty race conditions that should
>>> be avoided.
>> But we don't have multiple PDCs in _one_ domain. We have five
>> PDCs in _five_ domains plus one master server which acts as
>> "administrative" Server where all Useraccounts are entered but
>> which has no samba running. Does it still work then, if I let
>> the now PDCs be BDCs?
> Then I don't understand what problem you're having.  What isn't
> working in this scenario?  Are you trying to synchronize the
> machine accounts between the domains?  (If you're doing that,
> *why* do you have separate domains?)
There are seperate domain because it is a company which consinsts of
many companys and is geographicaly spread via town. There is one boss
who wants to be able to create useraccounts on one machine via webmin
(don't ask why). And the problem is that if user A changes his password
via nt it gets distributed to all other servers which in turn "forget"
the changed workstation trust account passwords. But I think, that I
just have to disable this "feature" on every machine... Or is there an
equivalent to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
\RefusePasswordChange=1
in smb.conf?

Cheers and thanks
Nicki

- --
Linksystem Muenchen GmbH                          info at link-m.de
Schloerstrasse 10                           http://www.link-m.de
80634 Muenchen                              Tel. 089 / 890 518-0
We make the Net work.                       Fax 089 / 890 518-77

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
Comment: Get my key at: https://www.link-m.de/pgp/n.messerschmidt.asc

iQA/AwUBPjFwtOs1nPm17iBDEQK2OQCglbBVWCwAl875x7HYBJlsdnLDpoIAnj12
l2LbOaMUVYCcrjeNlYENmlVu
=5Ldj
-----END PGP SIGNATURE-----




More information about the samba mailing list