[Samba] some question about BDCs

Tamás Pisch pischta at gmail.com
Fri Apr 24 11:05:46 GMT 2009


Hi,

I want to set up a SaMBa PDC and BDC with LDAP. I read TOSHARG2, but I don't
understand something:

>Samba-3 cannot participate in true SAM replication and is therefore not able to employ
>precisely the same protocols used by MS Windows NT4. A Samba-3 BDC will not create
>SAM update delta files.

OK, I understand up to that point, but:

>It will not interoperate with a PDC (NT4 or Samba) to synchronize
>the SAM from delta files that are held by BDCs.
>The BDC is said to hold a read-only of the SAM from which it is able to process network
>logon requests and authenticate users. The BDC can continue to provide this service,
>particularly while, for example, the wide-area network link to the PDC is down.

So, when I have a SaMBa PDC (with master LDAP) and a BDC (with slave LDAP), can
the BDC update machine and/or user information or not? As I understood, only the
LDAP solution is suitable for a PDC-BDC setup, because "domain member
servers and workstations periodically change the Machine Trust Account
password", so the BDC has to update some data.
As I understood, the BDC can change at least Machine Trust Account passwords.
Additional question: can a user change his/her login password when he/she is
connected to the BDC (in case the PDC is available and in case the PDC is
temporarily unavailable)? I also read in TOSHARG2 that in the BDC's smb.conf
I don't need user/group modification scripts, so I guess I cannot
add/modify them from the BDC.

Thanks.

