Brian M Hoy wrote:
Summary
The second point happens because the PC will _occasionally_ use a different DC to authenticate against (its secure channel partner in MS parlance). If it just so happens to change its machine account password with this SCP, then the machine's domain membership is broken next time it uses its "normal" SCP.

My Workaround

I have written a Perl script which fetches the machine account details from every LDAP server on our network and then figures out which one has the most recent machine account password, and then submits the change to the LDAP master so that it is replicated everywhere, thereby getting around these problems. It works, but is not ideal.

A quick look at the Samba source suggests that it would not handle LDAP referrals. Am I right here? If it did, then LDAP could be configured to give a referral to the LDAP master for changes, solving the problem (at least for LDAP users).

samba 2.2.8 may help:

16) Fixes for --with-ldapsam
  * Default to port 389 when "ldap ssl != on"
  * add support for rebinding to the master directory server for password changes when "ldap server" points to a read-only slave

--
Ignacio Coupeau, Ph.D.
CTI, Director
University of Navarra
Pamplona, SPAIN
http://www.unav.es/cti/
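
The reconciliation step of the workaround quoted above (find the copy of the machine account with the most recent password change, then plan a write to the master), as an added example; it is not the poster's Perl script and not Samba code. The host names, the hash placeholders and the attribute names `pwdLastSet`, `ntPassword` and `lmPassword` are assumptions, and the records are constructed inline instead of being read over LDAP.

```python
# Constructed sample: one machine account as read from each directory server.
# Host names and hash values are placeholders; the attribute names
# pwdLastSet / ntPassword / lmPassword are assumed, not taken from the post.
MASTER = "ldap-master.example.org"
REPLICAS = {
    MASTER: {"uid": "pc042$", "pwdLastSet": "1046000000",
             "ntPassword": "A" * 32, "lmPassword": "A" * 32},
    "ldap-slave1.example.org": {"uid": "pc042$", "pwdLastSet": "1046600000",
                                "ntPassword": "B" * 32, "lmPassword": "B" * 32},
    "ldap-slave2.example.org": {"uid": "pc042$", "pwdLastSet": "1046000000",
                                "ntPassword": "A" * 32, "lmPassword": "A" * 32},
    "ldap-slave3.example.org": None,  # entry not found on this server
}
PASSWORD_ATTRS = ("ntPassword", "lmPassword", "pwdLastSet")


def newest(replicas, master):
    """Return (server, record) with the latest pwdLastSet; master wins a tie."""
    found = {s: r for s, r in replicas.items() if r is not None}
    if not found:
        raise LookupError("machine account not found on any server")
    return max(found.items(),
               key=lambda kv: (int(kv[1]["pwdLastSet"]), kv[0] == master))


def stale_servers(replicas, master):
    """Servers whose copy is missing or older than the newest one."""
    _, best = newest(replicas, master)
    limit = int(best["pwdLastSet"])
    return sorted(s for s, r in replicas.items()
                  if r is None or int(r["pwdLastSet"]) < limit)


def plan_master_update(replicas, master):
    """Attributes to write to the master, or None if it is already current."""
    server, best = newest(replicas, master)
    if server == master:
        return None
    return {"source": server,
            "changes": {attr: best[attr] for attr in PASSWORD_ATTRS}}


if __name__ == "__main__":
    print("stale:", stale_servers(REPLICAS, MASTER))
    print("plan: ", plan_master_update(REPLICAS, MASTER))
```

A non-empty stale list is also a cheap monitoring signal: it means a password change landed somewhere other than the master and has not replicated.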