multiple domain contr. not allowed?

Luke Kenneth Casson Leighton lkcl at
Thu Aug 7 19:18:54 GMT 1997

On Thu, 7 Aug 1997, Charles Owens wrote:

> > > Using samba 1.9.17alpha5 on all servers, I'd like to configure one of my
> > > servers to be a failover domain controller in case my usual domain
> > > controller dies.
> > 
> > cool.  someone that wants to use this feature!  you thinking of using 
> > automount volumes, too, so that it _really_ doesn't matter which machine 
> > you use - they both appear to be the same?
> Yes... more or less.  Actually, I've written a perl script that gets fired
> up (using "preexec") when a user connects to the netlogon share.  The
> script does this
> 	Query custom NIS map that contains per user and per machine


> In the future I'm going to add more logic that will examine just who the
> user is and where there're logging in from (and when, possibly);  if the
> user is not properly authorized then the preexec'd perl script will exit
> with a non-zero, which (I've gathered) causes Samba to deny the domain
> login.  I will probably also move the configuration database from NIS to
> LDAP at some point. 

> > os level is for local master browser elections.  local master browser 
> > elections are on broadcast-isolated subnets, on broadcast-only netbios 
> > names, and have nothing to do with the [unique in the WINS scope] domain 
> > master browser netbios name.
> Ahh... gotcha...
> Okay... is there, then, anyway for me to specify which of my two domain
> controller cantidates is preferred?  Such that this would happen:
> 	A = primary dom cntrl		B = backup dom cntrl



microsoft intended this system to be: one machine registers the unique 
NetBIOS name domain<1b>.  this is the PDC.  the PDC and all BDCs register 
the "internet group" NetBIOS name, domain<1c>.

i don't fully understand the distribution of services between PDC and 
BDCs.  therefore, i haven't implemented it.

what i did instead was to simply have 'PDC peers'.  only one machine can 
be the PDC, and they constantly try to become the PDC.  only one machine 
can ever register the unique NetBIOS name domain<1b> with the WINS 
server, therefore you can only have one PDC.

> 	A goes down
> 	B comes around eventually and assumes the domain controller role
> 	A comes back up and tries to assume dom. cntrl.
> 	B somehow knows that A is preferred so ceases being dom. cntrl.

this is the tricky bit, that requires some communication between the 
various machines configured as PDCs.  which we don't presently have.

> 	A assumes dom. cntrl. role
> also
> 	B goes down
> 	B comes back up and tries to assume dom. cntrl.
> 	B detects existing dom. cntrl. (A) and does not become
> 		dom. cntrl. (this part works now)
> Thoughts?

- can you make do with turning your configuration into 'peers'?

- how about a nmbregister program, similar to nmblookup, that does 
name_register() and name_release()?  a name_release() being sent to the 
client will clear the way for A to reclaim the name.

except that you will need to kick A _quick_ to get it to reclaim.

> > > ERROR: nmbd configured as domain master and one already exitsts !!!
> > 
> > well, who the xxxx put _that_ in???  charles, remove those lines of code.  
> > particularly the exit() one.  then let me know what happens.
> Removing the exit() seems to have done the trick.  I started B and it
> noticed that A was the dom. cntrl..  I then killed nmbd on A and, sure
> enough, B became dom. cntrl.   Of course, when I restarted A's nmbd B
> remained in the dom. cntrl. role instead of giving way to A (as discussed
> above).

good.  that's what i wanted to hear.



p.s - those script (perl hacks).  you interested in them being in the 
samba distribution?

More information about the samba mailing list