On Thu, 13 Feb 2003, Oktay Akbal wrote: > On Wed, 12 Feb 2003, Hsu, Cheng (Consultant) wrote: > > > But my experiment shows that I MUST > explicitly join the > > NT domain > > in order for everything to work. > > Just a guess: Make sure that the server do not only have the same > smb.conf, but also the same SID (MACHINE.SID or whatever > setup of samba > you use)
This will not be enough in the long run... The SID is what identifies the machine all right. But on join your the machine registers a (random) password with the DC. Now if you join the second server with the same name/SID the DC will update the password to the 2nd machine's idea of what it should be and the 1st machine can't log into the domain any more :-( And it is worse... You could probably (r)sync smb.conf, MACHINE.SID plus the domain password (secrets.tdb?) between the two servers and things would work for a while. But you need to do this on a regular basis as the password is updated to a new random password every now and then (default once a week?) and the secondary server would be out of sync. Just as an suggestion to the samba team ... a hook like "machine pwd update script = sync_secrets.sh" in smb.conf would come in handy. Hope I was of any help Uli -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba