Do you want/expect the bdc to be a logon server for w2k/xp ? If you do then you can't use security=domain, logon server=yes, as in my experience, Xp-pro will not reliably domain/logon to its pdc if another samba server is configured as a "logon-server" as well. I'd love to be proven wrong here. security=user uses local auth files. You have to "rsync" FROM the "master" to "bdc" ..occasionally.. for a consistent smbpasswd, passwd, and group across the domain. Or replicated ldap... smbpasswd -S ..should update sid ...see "man smbpasswd" hope this helps, Richard Coates.
On Fri, 2003-03-14 at 00:59, Robert Styma wrote: > > I have a question about setting up a samba BDC > (with a samba PDC). > > I am running Samba as the PDC on a small network. > Other Unix boxes on the network are running > with: > security = DOMAIN > encrypt passwords = Yes > update encrypted = Yes > password server = 192.168.1.5 > > So they make use of the PDC for smbmount and smbsh > applications. The W2K box also uses Samba at the PDC. > > I want to set up a Redhat 8 box as a BDC. > smbpasswd -S > got the machine ID informationa across to the secrets.tbd per > the BDC howto. Later it the document, it says I have to blindly > copy the secrets.tbd from the PDC to the BDC. It also says I have > to change from "security = DOMAIN" to "security = USER" > > This appears to indicate that the BDC will now use it's own authentication > information rather than defering to the PDC. > 1. Is this true? > > 2. Blindly copying the secrets.tbd across seems a dangerous idea. > Is there an equivalent to smbpasswd -S which just copies across > the relevant data.? > > 3. If not, is it really safe to copy secrets.tbd from the PDC to the BDC? > I do not want to foul things up trying to get the BDC to work. > I am not ready to try switching to LDAP, although I will do this if it is > the only way. > > Thanks for any help. > > > > -- > Robert E. Styma > Principal Engineer > AG Communication Systems, Phoenix - A subsidiary of Lucent > Email: [EMAIL PROTECTED] > Phone: 623-582-7323 > FAX: 623-581-4884 > Company: http://www.agcs.com > Personal: http://www.swlink.net/~styma > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba