[Samba] PDC-BDC issue

Kris Van Hees kvanhees at sinenomine.net
Tue Apr 16 21:30:03 GMT 2002


Hi all,

	We are trying to set up a global domain for NT users, where the actual
shares are stored on the backend with AFS (that part is done and works fine),
and where multiple branch locations have access to this system.  We are using
Samba to serve the files to the desktops.  To ensure that we can have a single
big domain so anyone can log in at any location as oneself (and see the same
profile, etc), the PDC is located in the same central location as the AFS cell.
Each branch is being set up with a BDC so that local authentication can be
done against the domain and files can be served from the local Samba server,
while still being able to maintain a global domain concept by the fact that
all account management is done by the PDC anyway (since the BDCs are read-only
SAM instances).

	In theory this seems to be a sound concept, but it does not seem to
work, and we are not sure why.  Say the domain is DOMAIN.  The PDC is located
at IP 10.0.0.5, while two BDCs are 192.168.10.1 and 192.168.10.2.  The PDC
has os level 72, while the two BDCs have os level 67 and 66 respectively.  The
smbpasswd files are being rsync'd from the PDC to the BDCs, and the Unix users
are stored in NIS, with the BDCs configured as NIS slave servers.

	What we are seeing is that when a machine is joining the domain, the
trust account is being created on one of the BDCs rather than on the PDC.  That
seems to violate the concept that the BDC has a read-only version of the SAM
information.

	So, the main questions are:

	- Is the setup that I describe here possible with Samba 2.2.3a (that is
	  the version we are currently using), or with the most recent alpha
	  version, or with the CVS version?
	- If it is possible, what is possibly wrong with our setup, causing
	  NT workstations to cause trust accounts to be created directly on
	  the BDC rather than on the PDC?

	Any help is very welcome!

	Kris

PS: The BDCs are configured as 'wins support = no', 'wins proxy = yes', and
    'wins server = 10.0.0.1'.  The PDC has 'wins support = yes'.  The BDCs
    are 'domain master = no', 'local master = no', 'preferred master = no',
    while the PDC has yes for those three settings.



