[Samba] Unable to change Windows password on Samba BDC

Andrew Bartlett abartlet at samba.org
Mon May 5 23:07:30 GMT 2008 

On Thu, 2008-05-01 at 19:38 +0000, Matt Anderson wrote:
> Dear Help,
> 
> We are currently running Samba 3.0.22 on a distributed network/domain as a PDC
> (primary domain controller) and several as BDCs (Backup domain controllers) in
> our branch offices located around the country.
> 
> At this point, the PDC is set up in our corporate office (where I'm located) and
> users have no trouble authenticating (via logging into windows and accessing
> shares) and also have no trouble changing passwords (either when they expire or
> manually) through the Windows interface.
> 
> However, users located in the branch offices (where the BDCs are located), they
> have no trouble authenticating (via logging into windows and accessing shares)
> BUT are unable to change their password through the Windows interface, getting
> the error that "The system cannot change your password now because the domain
> <name> is not available".  All clients are Windows XP with SP2 installed.
> 
> I have added (see below) the smb.conf for our PDC as well as the BDC that's
> causing problems -- all BDCs basically have the exact same config.

If your PDC and BDC are *not* in the name netbios name space, because
for example they do not use WINS, or use only local WINS servers, then
you can set each remote 'BDC' as if it was a PDC.

The only think that enforced the 'one PDC' requirement in Samba is the
netbios namespace, and many sites have been set up where there are
multiple PDCs for exactly this (being distributed with an LDAP backend)
reason.

Note that this does not make any changes to how you have LDAP configured
- it may still be master/slave, and it will work just as it did before,
as long as the BDCs can write (by following the LDAP referrals).

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20080506/0096eb34/attachment.bin

More information about the samba mailing list