[Samba] Samba 3 PDC & BDC Servers

Larry Hansford lhansfor at lch-assoc.com
Fri May 28 19:15:34 GMT 2004


I'm not sure what the configurations of the Primary and Backup servers 
should be to enable them to operate as a domain across a WAN.  The original 
server has been running for some time as the master server, but now I am 
adding a second (backup) server at the remote site.  The global section of 
the original server is:

[global]
         log file = /var/log/samba/%m.log
         printer = Lab_LJ1200
         guest account = pcguest
         passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
         admin users = root @sysadmin
         printer admin = @sysadmin
         socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
         obey pam restrictions = yes
         printer name = Lab_LJ1200
         guest ok = yes
         local master = yes
         domain master = yes
         encrypt passwords = yes
         passwd program = /usr/bin/passwd %u
         dns proxy = no
         netbios name = MAINSERVER
         printing = cups
         server string = mainserver
         logon script = default.bat
         unix password sync = yes
         workgroup = OFFICE
         os level = 125
         preferred master = yes
         max log size = 1000
         pam password change = yes
         log level = 3
         security = user
         domain logons = yes
         add user script = /usr/sbin/useradd -g machines -c NTMachine -d /dev/null -s /bin/false %u
         delete user script = usr/sbin/userdel %u
         delete group script = /usr/sbin/groupdel %g
         add user to group script = /usr/bin/gpasswd -a %u %g
         set primary group script = /usr/sbin/usermod -g %g %u
         add machine script = /usr/sbin/useradd -d /dev/null -g 600 -s /bin/false -M %u
         winbind separator = +
         idmap uid = 10000-20000
         idmap gid = 10000-20000
         winbind enum users = yes
         winbind enum groups = yes
         disable netbios = yes
         use client driver = yes
         time server = yes
         wins support = yes
         name resolve order = wins lmhosts bcast



When I added the server at the remote site, I set up the global section 
like this:


[global]
#       dos charset = CP932
         dos charset = UTF-8
#       unix charset = EUC-JP
         unix charset = UTF-8
         display charset = CP932
         workgroup = OFFICE
         server string = remoteserver
         security = domain
         obey pam restrictions = Yes
         password server = mainserver
         guest account = pcguest
         pam password change = Yes
         passwd program = /usr/bin/passwd %u
         smb passwd file = /etc/samba/smbpasswd
         passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
         unix password sync = Yes
         log level = 3
         log file = /var/log/samba/%m.log
         max log size = 1000
         socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
         add user script = /usr/sbin/useradd -g machines -c NTMachine -d /dev/null -s /bin/false %u
         logon script = default.bat
         delete user script = usr/sbin/userdel %u
         delete group script = /usr/sbin/groupdel %g
         add user to group script = /usr/bin/gpasswd -a %u %g
         os level = 30
         preferred master = No
         local master = No
         domain master = No
         dns proxy = No
         guest ok = Yes
         printer name = Remote_LJ6P
         name resolve order = wins lmhosts bcast
         encrypt passwords = yes
         wins support = yes
         admin users = root @sysadmin
         printer admin = @sysadmin
         netbios name = REMOTESERVER
         printing = cups
         domain logons = yes
         set primary group script = /usr/sbin/usermod -g %g %u
         add machine script = /usr/sbin/useradd -d /dev/null -g 600 -s /bin/false -M %u
         winbind separator = +
         idmap uid = 10000-20000
         idmap gid = 10000-20000
         winbind enum users = yes
         winbind enum groups = yes
         disable netbios = yes
         use client driver = yes

I joined the secondary one to the domain, and all the users can access all 
directories/files, but I get the following warning in the /var/log/messages 
file on the secondary server:

Server's Role (logon server) NOT ADVISED with domain-level security


What should I change in the two servers' global sections to ensure they 
operate as primary and backup?

Thanks!

Larry
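
The warning quoted in the message above is logged when a [global] section combines security = domain with domain logons = yes, as the second one does. The Python below is an added example (not part of the original post, and not Samba code) that models how Samba 3 derives a server role from security, domain logons and domain master. The two sample configs are constructed from the role-relevant lines of the sections above; the function names and the simplified role mapping, which covers only security = user and security = domain, are assumptions of this example.

```python
import re

# Constructed samples: only the role-relevant lines of the two [global] sections above.
MAIN = """[global]
         workgroup = OFFICE
         security = user
         domain master = yes
         domain logons = yes
"""
REMOTE = """[global]
         workgroup = OFFICE
         security = domain
         password server = mainserver
         domain master = No
         domain logons = yes
"""
WARNING = "Server's Role (logon server) NOT ADVISED with domain-level security"

def parse_global(text):
    """Return the [global] parameters as {normalized name: lowercased value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf parameter names ignore case and embedded whitespace
            params["".join(key.lower().split())] = value.strip().lower()
    return params

def server_role(text):
    """Return (role, findings) for security = user or security = domain."""
    p = parse_global(text)
    security = p.get("security", "user")
    logons = p.get("domainlogons", "no") in ("yes", "true", "1")
    # "domain master" left unset (auto) is treated as enabled in this model
    master = p.get("domainmaster", "auto") in ("yes", "true", "1", "auto")
    if security == "user":
        role = ("PDC" if master else "BDC") if logons else "standalone"
        return role, []
    if security == "domain":
        return ("BDC", [WARNING]) if logons else ("domain member", [])
    return "not modelled", ["security = %s is outside this example" % security]

if __name__ == "__main__":
    for name, conf in (("MAINSERVER", MAIN), ("REMOTESERVER", REMOTE)):
        print(name, *server_role(conf))
```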


