[Samba] Samba as domain controller

Bruno Guerreiro bruno.guerreiro at ine.pt
Wed Jan 11 09:35:27 GMT 2006


> -----Original Message-----
> From: Andreas Fladischer [mailto:andreas.fladischer at ecofinance.com] 
> Sent: quarta-feira, 11 de Janeiro de 2006 9:26
> To: samba at lists.samba.org
> Subject: [Samba] Samba as domain controller
> hi at all!
> i set up a system where samba is a primary and a secondary 
> domain controller; the authentication is over ldap and 
> everything works fine but....
> i would like to test what happen when the pdc is down and so 
> i shutdown the smb service on the pdc. the logins from all 
> clients worked well on the bdc but when i try to join a new 
> machine to the domain, it can't contact the domain controller 
> (ok because the pdc is down). my question is, wheather it is 
> possible to configure the bdc so, that i can join to the 
> domain when the pdc is down?

That's the normal behaviour on an NT Domain. When the PDC is no users can be
modified or machines added. The Domain enters a reand-only state. The only
way would be to "promote" the BDC to PDC.
> my second question is wheather it is possible, that all 
> administrative users can join a new machine to the domain and 
> not only the root user?

Yes, if using privileges you must set the  SeMachineAccountPrivilege.
Something like 
net rpc rights grant username SeMachineAccountPrivilege

Hope this helps,
Bruno Guerreiro

> with best regards
> Andreas
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list