[Samba] BDC, documentation, Machine Accounts Keep Expiring
Dmitry Melekhov
dm at belkam.com
Wed May 4 08:39:29 GMT 2005
>Samba-3 does not at this time have this infrastructure. Samba-3 BDCs try to
>contact the LDAP server directly. So long as the master LDAP server can be
>contacted by the BDC the machine password change can be written, but if it is
>down, or can not be contacted the change will fail.
>
>In other words, in the absence of the PDC, the BDC can deal with machine
>account password changes so long as it can contact the master LDAP server.
>
If my PDC fails, this means that master ldap is down too ;-) And
master ldap is a single point of failure ......

IMHO, the main question is whether a Samba BDC allows password changes for
domain machines. AFAIK, it is not fatal for domain machines to not change
their passwords, i.e. it is possible to have SAM (or smbpasswd ;-) ) on
the BDC read-only.

I just want to know whether the following comment

    /* if this next call fails, then give up. We can't do
       password changes on BDC's --jerry */

in change_trust_pw.c
means that the machine password will not be changed on a BDC?
Does somebody know the answer to this, imho, simple question?

Certainly, it is easy enough to add a configuration parameter to smb.conf,
something like bdc=yes/no, and return NT_STATUS_UNSUCCESSFUL in this
function, but should I? :-)