[Samba] Understanding Documentation about BDC in HowTo Collection

Michael Gasch gasch at eva.mpg.de
Sat Nov 5 14:36:35 GMT 2005


hi list & john,

i read in the documentation about BDCs:
The domain SID has to be the same on the PDC and the BDC. In Samba 
versions pre-2.2.5, the domain SID was stored in the file 
private/MACHINE.SID. For all versions of Samba released since 2.2.5 
the domain SID is stored in the file private/secrets.tdb. This file is 
unique to each server and cannot be copied from a PDC to a BDC; the BDC 
will generate a new SID at startup. It will overwrite the PDC domain SID 
with the newly created BDC SID. There is a procedure that will allow the 
BDC to acquire the domain SID. This is described here.

To retrieve the domain SID from the PDC or an existing BDC and store it 
in the secrets.tdb, execute:

root# net rpc getsid

is this enough? because "net getlocalsid" gives
SID of DOMAIN MYDOMBDC is s-1-5-21-.... which is not the same as the SID of MYDOM.
"net getlocalsid MYDOM" gives the right SID on BDC.

on PDC "net getlocalsid" and "net getlocalsid MYDOM" produces the same SID

so should i also do "net setlocalsid <SID_OF_MYDOM>" on BDC, or is it not wise to have 2 machines with the same SID 
on the network although they're linux???


btw:
i have a samba v3 setup like:

PDC -> LDAP master, with secondary slave LDAP server.
BDC -> LDAP slave server, with secondary master LDAP server.

i think this is fine but i'm thinking about migrating to:
PDC -> LDAP master, with secondary slave LDAP server.
BDC -> LDAP master, with secondary slave LDAP server.

what's your opinion about switching the BDC to point its first ldap 
server to ldapmaster? both are in the same subnet.
i'm just afraid of LDAP master failing and time outs on BDC side because 
it tries to connect to LDAP master....well if BDC LDAP fails then i have 
timeout, too...right...so what's your opinion?

thx as usual :)


