[Samba] invalid value 'netbios backup domain controller'

Ken Bass kbass at kenbass.com
Sun Oct 11 19:04:01 UTC 2015 

On 10/11/2015 02:17 PM, Rowland Penny wrote:
> So, it works if the line isn't there, but it still works if the line
> is there and it throws an error
>
> Pretty obvious cure, don't have the line in smb.conf, you do not need
> it. The only place it is required is on an AD DC and the smb.conf for
> this is created for you.

When I manually upgraded my Samba3 configuration to Samba4, I went 
through the man page. The man page says:

       server role (G)

            This option determines the basic operating mode of a Samba 
server and is one of the most important settings in the smb.conf file.

When the documentation calls something out as 'ONE OF THE MOST IMPORTANT 
SETTINGS', I figure I better pay attention.
And the description says:

"SERVER ROLE = CLASSIC PRIMARY DOMAIN CONTROLLER

            This mode of operation runs a classic Samba primary domain 
controller, providing domain logon services to Windows and Samba clients 
of an NT4-like domain. Clients must be joined to the
            domain to create a secure, trusted path across the network. 
There must be only one PDC per NetBIOS scope (typcially a broadcast 
network or clients served by a single WINS server).

Something similar for BACKUP.

Since I am running both a primary and backup domain setup to provide 
logon services of an NT4-like domain, this seemed like exactly what is 
required.
Did I misunderstand something?



>
> I am also intrigued, why are you modifying smb.conf and restarting
> samba every night? most people set it once and then leave it alone.

Comcast ISP sometimes changes the IPv6 address/prefix assigned to my 
network. Since most clients on my network prefer IPv6 over IPv4 and I 
have a 'hosts allow' in my smb.conf, whenever the IPv6 is changed, 
client no longer have permission to connect to the samba servers. My 
solution was to create a script that is executed whenever the the DHCP 
client renews/changes the IPv6 prefix. My initial version of the script 
takes the current IPv6 prefix, uses sed and modifies the hosts allow 
line in the smb.conf, then restarts smb/nmb. I just modified the script 
to only modify and restart if the prefix actually changes. This should 
prevent it from running every 24 hours or so when the DHCP address renews.

More information about the samba mailing list