Samba4 TP5 as PDC with Win2k3 as BDC

Stefan (metze) Metzmacher metze at samba.org
Tue Jun 12 11:51:00 GMT 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Frank,

> My first scenario was a Samba 4 PDC standalone.  This worked ok, but I
> had some issues with speed of logins and general user maintenance.  But
> it was GREAT for a pre-Alpha product.

thanks!

> The second scenario is where I am stuck - Samba 4 PDC with Win2k3 BDC.
> I currently receive the following error when I try to create the server
> as a BDC:
> 
>         Failed to modify SPNs on
>         cn=brokenbox,cn=computers,dc=myhome,dc=int: kludge_acl_change:
>         attempted database modify not permitted. User MYHOME\BROKENBOX$
>         is not SYSTEM or an administrator

As stated in the release notes we have only very primitive access
checking...And that doesn't use ntSecurityDescriptor's yet...

>         EPOLL_CTL_ADD failed (Bad file descriptor) - falling back to
>         select()
>         EPOLL_CTL_ADD failed (Bad file descriptor) - falling back to
>         select()
>         EPOLL_CTL_ADD failed (Bad file descriptor) - falling back to
>         select()

I wonder why this happens, does this also happen with other network
operations?

> The Windows server name is brokenbox and begins this process as a
> non-domain server.  My Samba4 PDC is running on openSUSE 10.3 Alpha 4+.
> I am logging in with the domain administrator account.  After the
> installation has failed the server then belongs to the domain, but not
> as a BDC.  If I start the wizard again, it performs the same steps and
> fails with the same error.

Samba4 doesn't support replicating *to* windows servers yet,
it only has a very limited support for replication *from* windows servers...

If you would solve the above problem with the changing of the SPN
you would come to the next problem very fast. There's a lot more missing
until a windows DC would run in a domain that was created using samba4.

metze
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFGboikm70gjA5TCD8RAksZAKC0NVEy2lUMcDr1Oy+4BznGoTLdwwCdHEZX
pnOVqvd+ZBnD+mfjYl6+htI=
=/CmI
-----END PGP SIGNATURE-----

More information about the samba-technical mailing list