I suppose it depends if Samba is configured to automatically create the
underlying unix accounts when you create samba accounts. My setup
doesn't. I created a "user" account in LDAP for my BDC. (The unix
passwd should be *LK* and the shell should be /bin/false.) Running
"net rpc join" will then add the appropriate samba attributes.
I think you also need to grab the domain SID:
BDC# net rpc getsid
Password:
Storing SID S-...1234 for Domain MYDOMAIN in secrets.tdb
#
However, I am not sure the domainsid for the machine is meant to match
the domainsid of the domain. On my PDC, they match. On the BDC, they
don't. I am not sure if I need to change that.
PDC# net getdomainsid
SID for domain PDC is: S-xxxx-1234
SID for domain MYDOMAIN is: S-xxxx-1234
BDC# net getdomainsid
SID for domain BDC is: S-xxxx-1234
SID for domain MYDOMAIN is: S-xxxx-1234
And you also need to set the LDAP password:
BDC# smbpasswd -w xxxxxx
Setting stored password for "Admin" in secrets.tdb
BDC#
pdbedit -Lv bdc$ should indicate the machine is type S.
Group mappings do NOT seem to be stored in LDAP. So you either need to
copy the appropriate tdb file over or run the identical net group map
commands on the BDC.
I am not 100% convinced my BDC is set up correctly though.
On 10/14/09 02:05, Mariano Absatz wrote:
> If I configure a samba PDC and then a samba BDC, do I need a machine
> trust account for the BDC?
>
> That is, do I have to run "net rpc join" on the BDC?
>
> Or manually create the account for the BDC in LDAP?
>
>
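
A small check for the `net getdomainsid` comparison discussed above, as an added example that is not part of the original message: it parses output saved from both hosts in the format shown, reports whether the MYDOMAIN SID agrees across them, and only notes (without a verdict) whether each host's own SID equals the domain SID. The function names and the sample SIDs are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample output in the format shown in the message (SIDs are made up).
PDC_OUT='SID for domain PDC is: S-1-5-21-1111111111-2222222222-3333333333
SID for domain MYDOMAIN is: S-1-5-21-1111111111-2222222222-3333333333'
BDC_OUT='SID for domain BDC is: S-1-5-21-4444444444-5555555555-6666666666
SID for domain MYDOMAIN is: S-1-5-21-1111111111-2222222222-3333333333'

# sid_for OUTPUT NAME: print the SID on the "SID for domain NAME is:" line.
sid_for() {
    printf '%s\n' "$1" | awk -v n="$2" \
        '$1=="SID" && $2=="for" && $3=="domain" && $4==n && $5=="is:" {print $6; exit}'
}

# note_local HOST LOCAL_SID DOMAIN_SID: report only, no verdict.
note_local() {
    if [ "$2" = "$3" ]; then
        echo "NOTE: $1 local SID equals the domain SID"
    else
        echo "NOTE: $1 local SID differs from the domain SID"
    fi
}

# compare_sids DOMAIN HOST_A OUTPUT_A HOST_B OUTPUT_B
# Returns 0 if both hosts report the same SID for DOMAIN, 1 if they differ,
# 2 if an expected line could not be parsed.
compare_sids() {
    dom_a=$(sid_for "$3" "$1"); loc_a=$(sid_for "$3" "$2")
    dom_b=$(sid_for "$5" "$1"); loc_b=$(sid_for "$5" "$4")
    for sid in "$dom_a" "$loc_a" "$dom_b" "$loc_b"; do
        case $sid in
            S-*) ;;
            *) echo "ERROR: missing or malformed SID line"; return 2 ;;
        esac
    done
    note_local "$2" "$loc_a" "$dom_a"
    note_local "$4" "$loc_b" "$dom_b"
    if [ "$dom_a" = "$dom_b" ]; then
        echo "OK: $1 SID is the same on $2 and $4"
    else
        echo "MISMATCH: $1 SID differs between $2 and $4"
        return 1
    fi
}

compare_sids MYDOMAIN PDC "$PDC_OUT" BDC "$BDC_OUT"
```

To use it on real hosts, save the output of `net getdomainsid` from each machine and pass the two captures in place of the sample variables.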