Samba-3 does not at this time have this infrastructure. Samba-3 BDCs try to contact the LDAP server directly. So long as the master LDAP server can be contacted by the BDC the machine password change can be written, but if it is down, or cannot be contacted, the change will fail.
If my PDC fails, this means that the master LDAP is down too ;-) And the master LDAP is a single point of failure ...
In other words, in the absence of the PDC, the BDC can deal with machine account password changes so long as it can contact the master LDAP server.
IMHO, the main question is: does a Samba BDC allow password changes for domain machines? AFAIK, it is not fatal for domain machines to not change their passwords, i.e. it is possible to have the SAM (or smbpasswd ;-) ) on the BDC read-only.
I just want to know: does the following comment
/* if this next call fails, then give up. We can't do
password changes on BDC's --jerry */
in change_trust_pw.c
mean that the machine password will not be changed on a BDC?
Does somebody know the answer to this, IMHO, simple question?
Certainly, it is easy enough to add a configuration parameter to smb.conf, something like bdc=yes/no, and return NT_STATUS_UNSUCCESSFUL in this function, but should I? :-)
