[Samba] security = ads: problem join XP Pro?

[Etienne-Hugues Fortin]

Hi,

I've configured Samba 3.0.4 with Openldap 2.1.22 to use my samba server as
a PDC.  At first, I had some problem with the user administrator.  I've
then found the workaround a few days ago.  Now that this is fixed, I'm
trying to join a XP Pro workstation to my domain.  I've done multiple test
and never succeeded.  I'm always getting XP Pro to complain about not
being able to find a domain and talking about a SRV entry in my DNS (which
is dynamic as required when using dhcp at the same time).

So, this morning, in a desesperate attempt, I changed security = ads to
security = domain and retry to join the domain from XP Pro.  To my
surprise, it worked fine.  I've reread the documentation and it's still
saying that we should use security = domain when our server is acting as a
BDC, not a PDC.

I still have to do more test tonight to see if everything is working but
right now, I'm more curious to understand why my samba server (which is
now acting as a BDC) is accepting a join request while it's not when it's
acting as a PDC.  Is that normal?  Should I keep my server in security =
domain mode?

Thank you.


Etienne-Hugues Fortin