PDC/BDC && "domain logons = yes"

Mike Oswell oswell at xcert.com
Fri Aug 13 19:24:39 GMT 1999


Hello,

	I ran into a problem the other day where our NT PDC and BDCs
starting flaking out.  They all thought that there was another PDC on the
network and so would not promote.  After several hours of fighting with
the NT servers, we checked a change that had been made to our smb.conf on
our fileserver.  Namely, the addition of "domain logons = yes".  

	My understanding was that this addition would allow our fileserver
to properly authenticate windows 95/98 machines against the domain.  Now,
we are running Samba 2.0.5a, and I have included our smb.conf below.

	Is it expected behavior that with this line in the smb.conf that
samba would suddenly show up to the other NT boxes as a PDC?  Running "net
accounts" on any of our NT BDCs showed our samba server as the PDC,
whereas I had thought that this version of samba did not have any of the
NT PDC/BDC code in it.

	As a side note, if this is not the command that I should be using
to get NT machines that are not a member of the domain, and windows 95/98
boxes, to authenticate against the domain properly, how _do_ I do this?

Thanks.

-----
Michael Oswell
Xcert International Inc.


----- [ Snip of smb.conf ] -----

[global]
        workgroup               = OURDOM
        netbios name            = fileserver
        server string           = Internal Fileserver
#       domain logons           = yes
        local master            = no
        security                = domain
        password server         = pdc-van bdc-van
        hosts allow             = 10.0.1. 10.0.2. 10.0.3.
        name resolve order      = hosts bcast lmhosts wins
        load printers           = no
        printing                = bsd
        dns proxy               = yes
        encrypt passwords       = yes
        debug level             = 1
        socket options          = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
        max log size            = 1024
        lock directory          = /data/samba/var/locks
        log file                = /data/samba/var/samba.log
        username map            = /data/samba/lib/username.map
        printcap name           = /etc/printcap
        lpq command             = /usr/bin/lpq -P%p
        queuepause command      = /usr/sbin/lpc stop %p
        queueresume command     = /usr/sbin/lpc start %p
        browsable               = yes
        guest ok                = no
        guest account           = nobody




More information about the samba mailing list