[Samba] Samba BDC and secrets.tdb question

richard rcoates at bigpond.net.au
Sat Mar 15 10:35:29 GMT 2003

Do you want/expect the bdc to be a logon server for w2k/xp ? If you do
then you can't use security=domain, logon server=yes, as in my
experience, Xp-pro will not reliably domain/logon to its pdc if another
samba server is configured as a "logon-server" as well. I'd love to be
proven wrong here. 
security=user uses local auth files. You have to "rsync" FROM the
"master" to "bdc" ..occasionally.. for a consistent smbpasswd, passwd,
and group across the domain. Or replicated ldap...
smbpasswd -S ..should update sid ...see "man smbpasswd"
hope this helps,
Richard Coates.

On Fri, 2003-03-14 at 00:59, Robert Styma wrote:
> I have a question about setting up a samba BDC
> (with a samba PDC).
> I am running Samba as the PDC on a small network.
> Other Unix boxes on the network are running
> with:
>         security = DOMAIN
>         encrypt passwords = Yes
>         update encrypted = Yes
>         password server =
> So they make use of the PDC for smbmount and smbsh
> applications.  The W2K box also uses Samba at the PDC.
> I want to set up a Redhat 8 box as a BDC.
> smbpasswd -S 
> got the machine ID informationa across to the secrets.tbd per
> the BDC howto.  Later it the document, it says I have to blindly
> copy the secrets.tbd from the PDC to the BDC.  It also says I have
> to change from "security = DOMAIN" to "security = USER"
> This appears to indicate that the BDC will now use it's own authentication
> information rather than defering to the PDC. 
> 1.  Is this true?
> 2.  Blindly copying the secrets.tbd across seems a dangerous idea.
>     Is there an equivalent to smbpasswd -S which just copies across 
>     the relevant data.?
> 3.  If not, is it really safe to copy secrets.tbd from the PDC to the BDC?
>     I do not want to foul things up trying to get the BDC to work.
>     I am not ready to try switching to LDAP, although I will do this if it is
>     the only way.
> Thanks for any help.
> -- 
> Robert E. Styma 
> Principal Engineer
> AG Communication Systems, Phoenix - A subsidiary of Lucent
> Email: stymar at agcs.com
> Phone: 623-582-7323
> FAX:   623-581-4884
> Company:  http://www.agcs.com
> Personal: http://www.swlink.net/~styma
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list