[Samba] Samba PDC in many branch offices + one LDAP database - how to change passwords?

Tomasz Chmielewski mangoo at interia.pl
Thu Oct 28 15:40:53 GMT 2004

Paul Gienger wrote:
>> Heh, ask at OpenLDAp group, they point you to Samba group; ask at 
>> Samba group, they point you back to OpenLDAP :)
> That's partially the fault of your approach to the problem.  You're 
> trying to eat all the meals for the day at once.  Try to get ldap 
> working fine at the system level (breakfast) then once you have that 
> foundation laid you can start layering on dependant services like samba, 
> mail, apache auth, etc. (dinner, supper, midnight snack).

I have it working fine already - OpenLDAP works as a central server, 
replicates to each branch office, in each office there is a Samba 3 
working as a PDC that looks for a password in OpenLDAP slave which is 
located in the same office.
The only problem I have, is when in a branch office user changes 
password - it should be somehow uploaded to the master OpenLDAP - and 
from there propagated to the rest of slaves in other branches.

>> "From my (limited) knowledge of samba (3.0.X), it allows to configure 
>> both the slave and the master DSA for users storage,
> Nope, it only allows you to specify one. Well really you can put in more 
> than one, but there isn't anything to specify which is master/slave, 
> they're all just 'there'.  That is why you need to have your LDAP 
> structure working first, it will handle referring the updates.  
> smbldap-tools will allow you to specify master and slave so that it 
> writes to the master directly for useradds and such.

OK, thanks, will try that approach.


More information about the samba mailing list