On Thu, 13 Feb 2003, Oktay Akbal wrote:
> On Wed, 12 Feb 2003, Hsu, Cheng (Consultant) wrote:
>
> > But my experiment shows that I MUST explicitly join the NT domain
> > in order for everything to work.
>
> Just a guess: Make sure that the server do not only have the same
> smb.conf, but also the same SID (MACHINE.SID or whatever setup of samba
> you use)
This will not be enough in the long run...
The SID is what identifies the machine all right. But on join the
machine registers a (random) password with the DC. Now if you join the
second server with the same name/SID the DC will update the password to the
2nd machine's idea of what it should be and the 1st machine can't log into
the domain any more :-(
And it is worse... You could probably (r)sync smb.conf, MACHINE.SID plus the
domain password (secrets.tdb?) between the two servers and things would work
for a while. But you need to do this on a regular basis as the password is
updated to a new random password every now and then (default once a week?)
and the secondary server would be out of sync.
Just as a suggestion to the samba team ... a hook like "machine pwd update
script = sync_secrets.sh" in smb.conf would come in handy.
Hope I was of any help
Uli