[Samba] LDAP+BDC user password change trouble

[robert.walland at r-kb.si]

Hi,
We are using a PDC (Primary LDAP) and BDC (Replica LDAP). Changing 
password on PDC works fine, but no way when users are logged on BDC. The 
truth is that PDC and BDC are configured with  passdb backend = 
ldapsam:ldap://127.0.0.1/. The users get the message like "You are not 
allowed to change password"   or "You can not change password at this 
time" when they want to change their password.
Is it only possible to change password when the BDC is showing to Primary 
LDAP? As I know LDAP supports that you can change something on Replica 
which is then synchronized with the primary LDAP. I'm using only idealx 
scripts and they are not included in the BDC smb.conf, because BDC should 
do only logging for now.
Some lines from my smb.conf 
 
        workgroup = DOMAIN
        netbios name = SERVER
        server string = LDAP BDC Samba Server %v 

        os level = 65
        preferred master = no
        local master = yes
        domain master = no
        domain logons = yes
        security = user
        enable privileges = no
        encrypt passwords = yes
        obey pam restrictions = No
 
        name resolve order = wins bcast
        dns proxy = no

        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 
IPTOS_LOWDELAY

        syslog = 2
        syslog only = yes

         preserve case = yes
        case sensitive = no
 
        logon path =
        logon home =
 
        passdb backend = ldapsam:ldap://127.0.0.1/
         ldap admin dn = cn=samba,ou=DSA,dc=r-kb,dc=si
        ldap suffix = dc=r-kb,dc=si
        ldap user suffix = ou=Users
        ldap group suffix = ou=Groups
        ldap machine suffix = ou=Computers
        # ldap idmap suffix = ou=Idmap
 
        #ldap delete dn = Yes
        #ldap chat debug = Yes
        ldap ssl = no