Samba 3 searching for DMB instead of PDC?

Christopher R. Hertel crh at
Fri Apr 1 05:42:29 GMT 2005

On Thu, Mar 31, 2005 at 06:04:29PM +0200, Pedot Wolfgang wrote:
> After some investigation I found that the get_pdc_ip function
> (libsmb/namequery.c) which is used by change_trust_account_password
> (smbd/change_trust_pw.c) to find the PDC is actually looking for a
> <mydomain>#1b which is a Domain Master Browser and not a PDC
> (<mydomain>#1c) and here my problem starts:

In your follow-up message you noted that <mydomain>#1c names are group 
names for all DCs in the NT Domain, which is correct.  You are also 
correct that the <mydomain>#1B name is the DMB name, not (necessarily) the 
PDC name.

...but...  For various reasons (none of them particularly good) the PDC 
*must* also be the DMB.  So, if you're looking for the PDC (assuming there 
is one) and you find the DMB then you've found the PDC.

If a PDC exists then there must be a DMB and it must be the same node.  On 
the other hand, you can have a workgroup with a DMB and *no* domain 
controllers at all.  (Samba can do this, but Windows can't.)

> For some reason this domain
> does not have a DMB (at least according to the WINS-Server)

That's a problem, and is probably the problem you'll need to solve.  
Something is happening on your network to cause the DMB service to fail.  
Most likely, some other node on the same LAN as the PDC is winning the LMB 
election (which shouldn't happen).

> and so my
> samba3 boxes do not know where to go for changing the passwords. A
> <mydomain>#1b entry in lmhosts did not lead to success because after
> get_pdc_ip there is a name_status_find call which is not successful
> because the pdc does not answer on #1b name queries and so the whole
> thing failes because of timeout.

It's probably failing to answer on the #1b query because the name is 
being de-registered.  Again, probably because there's an election failure.

The DMB is supposed to win the LMB election on its own subnet.  Something 
else (most likely a misconfigured Samba server) is winning the election 
which is (probably) causing the DMB to demote itself.

That's all a guess, but it's where I would look first.

> Just for a test I changed the type from 0x1b to 0x1c in the get_pdc_ip
> function (libsmb/namequery.c line 1237) and (smbd/change_trust_pw.c line
> 49) and the machine was able to change its password.

The whold system is a bit fragile, IMNSHO.

> Now my question is: Why is samba3 looking for a DMB in a function called
> ~ "get_pdc_ip"? Is there a deeper sense in this or is it just so that
> usually the PDC is also the DMB in a domain?

By definition, the PDC must run the DMB service.  The lack of a DMB 
strongly suggests that something else is wrong on this network.

Hope that's helpful.

Chris -)-----

"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team --     -)-----   Christopher R. Hertel
jCIFS Team --   -)-----   ubiqx development, uninq.
ubiqx Team --     -)-----   crh at
OnLineBook --    -)-----   crh at

More information about the samba-technical mailing list