[Samba] BDC & passwd changes

Mike Fabre mike+samba at fabre.id.au
Sat Feb 6 06:21:51 MST 2010

On Sat, Feb 06, 2010 at 08:18:06PM +1100, Andrew Bartlett wrote:
> On Fri, 2010-02-05 at 10:21 +1100, Mike Fabre wrote:
> > Hello
> > 
> > I have a network setup with one Samba PDC and two Samba BDCs separated
> > by routers (ref http://www.cybersource.com.au/users/mikef/samba/). In
> > this test environment the Samba servers all use the master OpenLDAP
> > server on the PDC, but the production system will have OpenLDAP
> > servers (using master-slave replication) on all Samba servers.
> > 
> > I can't get the Windows XP client to change a password or enroll on
> > the domain when connected to either of the BDC's networks, however
> > both functions work fine when connected directly to the PDC's network.
> > If the XP client is enrolled onto the domain while connected to the
> > PDC's network then it successfully authenticates against the domain on
> > all three networks, incl after being relocated to either BDC network.
> > 
> > Anyone got any ideas what my problem might be?
> What you need to do is either install a central WINS server, and point
> the various networks at that single server,

I have got the PDC acting as the WINS server with the BDCs acting as a WINS proxy through to the PDC and then I have the clients use whatever samba server it is connected to as the WINS server. should that get the same result?

> or (my preference) abuse the
> separation of 'netbios name space' that your router has created, and
> make all the Samba DCs PDCs of their own networks. 
> That way, they will all be contacted for password changes, because on
> each of their local networks, they hold the DOMAIN#1B name.  
> (They need not be read-write OpenLDAP replicas, as Samba happily handles
> the referral to the master for writes).

That could work, is there any downside to doing it this way?

Mike Fabre

More information about the samba mailing list