[Samba] NT4 machine trust breaks on a Samba-BDC

Mikko Kortelainen mikko.kortelainen at hut.fi
Sat Nov 2 09:08:01 GMT 2002


>> We have Samba (2.2.5) running on three servers, each in a different 
>> subnet.  One of them is a PDC (domain master = yes). The Samba PDC is
>> also the NIS master. The smbpasswd is replicated using rsync to the 
>> other machines that act as Samba BDCs (domain master = no). They are 
>> also NIS slave servers. The smbpasswd synchronization takes place 
>> automatically every time smbpasswd is updated, and the NIS maps are 
>> updated and pushed automatically to the slaves whenever a machine 
>> joins the domain.

>> Anybody have any ideas or suggestions? Where should I start
>> debugging?

> Check that the domain SID is the same.  Sync secrets.tdb, or use the
> new smbpasswd option (2.2.6) to 'suck' the SID from PDC to each BDC.

I understood that you can't just copy the secrets.tdb to the BDCs,
because it contains some host-specific information. I've run "smbpasswd
-S <domain>" on both BDCs before starting smbd on them (It seems that if
you start smbd on the local host with option "workgroup = <the domain,
the sid of which you're trying to retrieve>" in smb.conf, and run
smbpasswd -S after that, it will retrieve the sid from the local smbd.
At least in my configuration where the PDC is in a different subnet...?)

Anyhow, I checked the secrets.tdb databases, and the 48 bytes following
the string "SECRETS/SID/<domain>" match on every host (and more, there's
a lot of zeroes). I'm not sure if that's the right place to look? Is
there a way of printing out the domain SID in cleartext?

Plus, shouldn't the other OSes complain also, if my domain SIDs were
wrong? But it's just the NT4. What does it do differently than W2k and
WXP...?

-Mikko-
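
Added example, not part of the original post or of Samba: one way to turn the bytes stored under "SECRETS/SID/<domain>" into the usual S-1-5-21-... text form and compare them across hosts. It assumes the record uses the standard binary SID layout with little-endian sub-authorities (an assumption about what 2.2.5 writes on an x86 host); the function names and sample byte strings are constructed for illustration.

```python
import struct

# Assumed layout (standard binary SID): revision (1 byte), sub-authority
# count (1 byte), identifier authority (6 bytes, big-endian), then that many
# 32-bit sub-authorities. Little-endian sub-authorities are an assumption
# that holds for a record written on an x86 host.
MAX_SUBAUTHS = 15


def sid_to_string(blob: bytes, byteorder: str = "<") -> str:
    """Render the leading SID in blob as S-R-A-S1-...; trailing padding is ignored."""
    if len(blob) < 8:
        raise ValueError("SID header needs at least 8 bytes")
    revision, count = blob[0], blob[1]
    if revision != 1:
        raise ValueError(f"unexpected SID revision {revision}")
    if count > MAX_SUBAUTHS:
        raise ValueError(f"sub-authority count {count} exceeds {MAX_SUBAUTHS}")
    if len(blob) < 8 + 4 * count:
        raise ValueError("blob is shorter than its sub-authority count implies")
    authority = int.from_bytes(blob[2:8], "big")
    subauths = struct.unpack_from(f"{byteorder}{count}I", blob, 8)
    return "-".join(["S", str(revision), str(authority), *map(str, subauths)])


def compare_hosts(blobs: dict) -> dict:
    """Decode one blob per host and group hostnames by the SID they hold."""
    groups = {}
    for host, blob in blobs.items():
        groups.setdefault(sid_to_string(blob), []).append(host)
    return groups


# Constructed sample values, not taken from any real secrets.tdb.
def _sample(subauths, pad_to=48):
    raw = bytes([1, len(subauths)]) + (5).to_bytes(6, "big")
    raw += struct.pack(f"<{len(subauths)}I", *subauths)
    return raw.ljust(pad_to, b"\x00")


SAMPLES = {
    "pdc": _sample([21, 1111111111, 2222222222, 3333333333]),
    "bdc1": _sample([21, 1111111111, 2222222222, 3333333333]),
    "bdc2": _sample([21, 1111111111, 2222222222, 3333333334]),
}

if __name__ == "__main__":
    for sid, hosts in compare_hosts(SAMPLES).items():
        print(sid, sorted(hosts))
```

Only the first 8 + 4 × count bytes carry the SID, so zero padding after them does not affect the comparison.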



