[Samba] BDC, documentation, Machine Accounts Keep Expiring
Dmitry Melekhov
dm at belkam.com
Tue May 3 12:47:53 GMT 2005
Michael Joyner wrote:
> You could always use gpedit.msc and set the machine password change to
> "NO"
On 500 computers ? :-)
Anyway, I'd like to know will samba BDC allow machines to change
passwords or not...
>
> Dmitry Melekhov wrote:
>
>> Hello!
>>
>> I want to create BDC with smbpasswd backend, just because I run ldap
>> master on the same machine as PDC and I don't think that using ldap
>> backend will be far better for me.
>> Only thing I don't understand:
>> I read in howto:
>> <quote>
>>
>>
>> Machine Accounts Keep Expiring
>>
>>
>> This problem will occur when the passdb (SAM) files are copied from a
>> central server but the local Backup Domain Controller is acting as a
>> PDC. This results in the application of Local Machine Trust Account
>> password updates to the local SAM. Such updates are not copied back
>> to the central server.
>> </quote>
>>
>> But I looked into change_trust_pw.c
>> and see
>> /* if this next call fails, then give up. We can't do
>> password changes on BDC's --jerry */
>>
>> I.e., looks like machines will not change their password when working
>> with BDC (i.e. when PDC is down).
>>
>> Do I understand this right?
>>
>> Thank you!
>>
>>
>
More information about the samba
mailing list