multiple domain contr. not allowed?

Charles Owens owensc at
Thu Aug 7 17:36:48 GMT 1997

On Thu, 7 Aug 1997, Luke Kenneth Casson Leighton wrote:

> On Thu, 7 Aug 1997, Charles Owens wrote:
> > Hi,
> > 
> > Using samba 1.9.17alpha5 on all servers, I'd like to configure one of my
> > servers to be a failover domain controller in case my usual domain
> > controller dies.
> cool.  someone that wants to use this feature!  you thinking of using 
> automount volumes, too, so that it _really_ doesn't matter which machine 
> you use - they both appear to be the same?

Yes... more or less.  Actually, I've written a perl script that gets fired
up (using "preexec") when a user connects to the netlogon share.  The
script does this:

	Query custom NIS map that contains per user and per machine
		drive and printer share mapping info; also pointers
		to other batch files that should be run; looks at
		home dir path from passwd map to figure out share
		name for home directory  (home dir path format:
		/user/{machine}/home[#]/{username} )
	Create custom logon batch file based on info pulled
		in during above step.  File is named {smbd-pid}.bat.
		This batch file will:
		        1. mount shares, including home dir, if
			2. call other batch files, either before
				or after step 1, as specified.

Client runs logon batch file and when disconnecting from netlogon share a
"postexec'd" script causes the batch file to be deleted.

So, I can manage the resource usage of all of my clients by editing this
one NIS map.  AND, since it is a NIS thing I can easily have my backup
domain controller do the above with the client none the wiser.

In the future I'm going to add more logic that will examine just who the
user is and where they're logging in from (and when, possibly);  if the
user is not properly authorized then the preexec'd perl script will exit
with a non-zero, which (I've gathered) causes Samba to deny the domain
login.  I will probably also move the configuration database from NIS to
LDAP at some point. 

> >  Some verbiage in BROWSE.TXT suggests that this is doable:
> > 
> > {
> > It is possible to configure two samba servers to attempt to become
> > the domain master browser for a domain.  The first server that comes
> > up will be the domain master browser.  All other samba servers will
> > attempt to become the domain master browser every 5 minutes.  They
> > will find that another samba server is already the domain master
> > browser and will fail.  This provides automatic redundancy, should
> > the current domain master browser fail.
> > }
> hey, i recognise this!
> > Though this could be read slightly differently, my assumption was that the
> > server with the highest os level setting would actually become the active
> > domain controller. 
> nope.
> os level is for local master browser elections.  local master browser 
> elections are on broadcast-isolated subnets, on broadcast-only netbios 
> names, and have nothing to do with the [unique in the WINS scope] domain 
> master browser netbios name.

Ahh... gotcha...
Okay... is there, then, any way for me to specify which of my two domain
controller candidates is preferred?  Such that this would happen:

	A = primary dom cntrl		B = backup dom cntrl

	A goes down
	B comes around eventually and assumes the domain controller role
	A comes back up and tries to assume dom. cntrl.
	B somehow knows that A is preferred so ceases being dom. cntrl.
	A assumes dom. cntrl. role


	B goes down
	B comes back up and tries to assume dom. cntrl.
	B detects existing dom. cntrl. (A) and does not become
		dom. cntrl. (this part works now)

> > What actually happens, though, is that nmbd on the
> > backup server _refuses_to_start_up_ if it detects that there is an active
> > domain control already running.  Here's a log.nmb snippet that
> > demonstrates this:
> > 
> > 08/06/97 10:37:49 netbios nameserver version 1.9.17alpha5 started
> > Copyright Andrew Tridgell 1994-1997
> > Added interface ip= bcast= nmask=
> > 08/06/97 10:37:49 attempting to become logon server for SERVICES
> > 08/06/97 10:37:49 attempting to become logon server for SERVICES
> > 08/06/97 10:37:49 add_domain_names: attempting to become domain master  \
> > 	browser on workgroup SERVICES
> > add_domain_names:querying WINS for domain master on workgroup SERVICES
> > response_name_query_domain: WINS server already has a domain master  \
> > 	browser registered SERVICES(1b) at address
> > ERROR: nmbd configured as domain master and one already exitsts !!!
> well, who the xxxx put _that_ in???  charles, remove those lines of code.  
> particularly the exit() one.  then let me know what happens.

Removing the exit() seems to have done the trick.  I started B and it
noticed that A was the dom. cntrl..  I then killed nmbd on A and, sure
enough, B became dom. cntrl.   Of course, when I restarted A's nmbd B
remained in the dom. cntrl. role instead of giving way to A (as discussed

  Charles N. Owens                               Email:  owensc at
  Network & Systems Administrator
  Information Technology Services  "Outside of a dog, a book is a man's
  Eastern Nazarene College         best friend.  Inside of a dog it's 
                                   too dark to read." - Groucho Marx
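
The preexec step described in this message, as an added example in Python; it is not the Perl script from the post. It builds the {smbd-pid}.bat logon file from a per-user and per-machine map and returns a non-zero status when it refuses. Assumptions: a constructed dict stands in for the NIS map, the home share is taken to be \\{machine}\{username} on drive H:, and the allow-list checks on map values are an addition.

```python
import os
import re

# Constructed stand-in for the custom NIS map, keyed by user or machine name.
SAMPLE_MAP = {
    "alice": {"drives": {"P:": r"\\srvA\projects"}, "pre": ["setenv.bat"]},
    "lab-pc1": {"drives": {"S:": r"\\srvB\software"}, "post": ["printers.bat"]},
}
HOME_RE = re.compile(r"/user/([A-Za-z0-9-]+)/home\d*/([A-Za-z0-9_.-]+)")
SAFE_UNC = re.compile(r"\\\\[A-Za-z0-9-]+\\[A-Za-z0-9_.$-]+")
SAFE_BAT = re.compile(r"[A-Za-z0-9_-]+\.bat")
SAFE_DRIVE = re.compile(r"[D-Z]:")

def home_share(home_dir, user):
    """Derive the home share from /user/{machine}/home[#]/{username}."""
    m = HOME_RE.fullmatch(home_dir)
    if not m or m.group(2) != user:
        raise ValueError("unexpected home dir %r" % home_dir)
    return "\\\\%s\\%s" % (m.group(1), user)  # assumed [homes]-style share

def build_logon_script(user, machine, home_dir, nis_map=SAMPLE_MAP):
    """Return batch text: 'pre' batch files, drive mounts, 'post' batch files."""
    drives, pre, post = {"H:": home_share(home_dir, user)}, [], []
    for key in (machine, user):  # per-user entries override per-machine ones
        entry = nis_map.get(key, {})
        drives.update(entry.get("drives", {}))
        pre += entry.get("pre", [])
        post += entry.get("post", [])
    # Map values end up on a command line the client runs: allow-list them.
    for letter, unc in drives.items():
        if not (SAFE_DRIVE.fullmatch(letter) and SAFE_UNC.fullmatch(unc)):
            raise ValueError("unsafe mapping %r -> %r" % (letter, unc))
    if not all(SAFE_BAT.fullmatch(b) for b in pre + post):
        raise ValueError("unsafe batch file name")
    lines = ["@echo off"] + ["call " + b for b in pre]
    lines += ["net use %s %s" % item for item in sorted(drives.items())]
    lines += ["call " + b for b in post]
    return "\r\n".join(lines) + "\r\n"

def preexec(user, machine, home_dir, smbd_pid, netlogon_dir, nis_map=SAMPLE_MAP):
    """Write {smbd-pid}.bat; return the exit status (non-zero on refusal)."""
    try:
        text = build_logon_script(user, machine, home_dir, nis_map)
    except ValueError:
        return 1
    name = os.path.join(netlogon_dir, "%d.bat" % smbd_pid)
    with open(name, "w", newline="") as f:
        f.write(text)
    return 0
```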
