[Samba] BDC, documentation, Machine Accounts Keep Expiring

John H Terpstra jht at PrimaStasys.Com
Tue May 3 13:32:36 GMT 2005

On Tuesday 03 May 2005 06:53, Paul Gienger wrote:
> > I want to create BDC with smbpasswd backend, just because I run ldap
> > master on the same machine as PDC and I don't think that using ldap
> > backend will be far better for me.
> <snip>
> > I.e., looks like machines will not change their password when working
> > with BDC (i.e. when PDC is down).
> >
> > Do I understand this right?
> That would appear to be the case.  I guess you've found one good reason
> (of the many) to use an LDAP backend where multiple servers are involved.

Samba-3 Domain Control has limitations that NT4 Domain Control does not have.

With NT4 DC, the BDC will record SAM changes into a local delta file. When the 
PDC comes up again, at the first PDC trigger to the BDCs to send SAM updates 
to the PDC the PDC will collect the changes, apply them and then propogate 
them to all BDCs.

Samba-3 does not at this time have this infrastructure. Samba-3 BDCs try to 
contact the LDAP server directly. So long as the master LDAP server can be 
contacted by the BDC the machine password change can be written, but if it is 
down, or can not be contacted the change will fail.

In other words, in the absence of the PDC, the BDC can deal with machine 
account password changes so long as it can contact the master LDAP server.

(Jerry, Any comments or corrections?)

- John T.

More information about the samba mailing list