[Samba] BDC, documentation, Machine Accounts Keep Expiring

John H Terpstra jht at PrimaStasys.Com
Tue May 3 13:32:36 GMT 2005


On Tuesday 03 May 2005 06:53, Paul Gienger wrote:
> > I want to create BDC with smbpasswd backend, just because I run ldap
> > master on the same machine as PDC and I don't think that using ldap
> > backend will be far better for me.
>
> <snip>
>
> > I.e., looks like machines will not change their password when working
> > with BDC (i.e. when PDC is down).
> >
> > Do I understand this right?
>
> That would appear to be the case.  I guess you've found one good reason
> (of the many) to use an LDAP backend where multiple servers are involved.

Samba-3 Domain Control has limitations that NT4 Domain Control does not have.

With NT4 DC, the BDC will record SAM changes into a local delta file. When the 
PDC comes up again, at the first PDC trigger to the BDCs to send SAM updates 
to the PDC, the PDC will collect the changes, apply them and then propagate 
them to all BDCs.

Samba-3 does not at this time have this infrastructure. Samba-3 BDCs try to 
contact the LDAP server directly. So long as the master LDAP server can be 
contacted by the BDC, the machine password change can be written, but if it is 
down or cannot be contacted, the change will fail.

In other words, in the absence of the PDC, the BDC can deal with machine 
account password changes so long as it can contact the master LDAP server.

(Jerry, any comments or corrections?)

- John T.

