On Thu, Apr 29, 2010 at 5:37 PM, Steve Thompson <[email protected]> wrote:
> On Tue, 6 Apr 2010, Steve Thompson wrote:
>
>> Samba 3.x.y (various) on CentOS 5.4 x86_64 with the ldapsam backend; one
>> PDC, two BDC's and about a dozen member servers. The configuration file on
>> each of course specifies the "ldap admin dn" and each system has the
>> associated password specified with "smbpasswd -w". Question is: how often is
>> the ldap admin actually used for anything, such that if I change the real
>> password associated with the account, how much grace do I get before I have
>> to run "smbpasswd -w" on each member server, all without restarting smb?
>
> No-one responded to this, so I did a little experiment. I changed the
> password in the LDAP database for the account corresponding to ldap admin
> dn, and then changed the password in secrets.tdb on all my Linux member
> servers (+PDC+BDC) using "smbpasswd -w". Immediately (within a minute or so)
> all Windows clients joined to the domain and logged in to a domain account
> hung. Changed the ldap admin dn password back to its former value, and all
> the clients continued from where they were with no apparent ill effects. So
> the question is: if the ldap admin dn password is changed, do the clients
> have to be rejoined to the domain? I'd really like to change this password
> periodically, so I hope that this is not the case. I've been unable to find
> any documentation that touches on this point.
>
I believe when I changed the ldap admin / Manager password I needed to
restart the Samba servers on the PDC and my 3 BDCs after updating the
secrets on each machine. All has been well after this.

John
