[Samba] BDC, documentation, Machine Accounts Keep Expiring

Dmitry Melekhov dm at belkam.com
Tue May 3 12:47:53 GMT 2005

Michael Joyner wrote:

> You could always use gpedit.msc and set the machine password change to 
> "NO" 

On 500 computers ? :-)
Anyway, I'd like to know will samba BDC allow machines to change 
passwords or not...

> Dmitry Melekhov wrote:
>> Hello!
>> I want to create BDC with smbpasswd backend, just because I run ldap 
>> master on the same machine as PDC and I don't think that using ldap 
>> backend will be far better for me.
>> Only thing I don't understand:
>> I read in howto:
>> <quote>
>>      Machine Accounts Keep Expiring
>> This problem will occur when the passdb (SAM) files are copied from a 
>> central server but the local Backup Domain Controller is acting as a 
>> PDC. This results in the application of Local Machine Trust Account 
>> password updates to the local SAM. Such updates are not copied back 
>> to the central server.
>> </quote>
>> But I looked into change_trust_pw.c
>> and see
>> /* if this next call fails, then give up.  We can't do
>>           password changes on BDC's  --jerry */
>> I.e., looks like machines will not change their password when working 
>> with BDC (i.e. when PDC is down).
>> Do I understand this right?
>> Thank you!

More information about the samba mailing list