[Samba] Samba as a PDC / Windows NT 4 SP6a as a BDC

Julien Bordet Julien.Bordet at intrinsec.com
Mon Jul 26 11:05:49 GMT 2004


Hi everybody,
 
As you may have guessed, I've got a problem ;)
 
What I had :
 
   - A PDC Server (Windows NT 4 SP 6a), called SERVER1, for the domain TEST
   - A BDC Server (Windows NT 4 SP 6a), called SERVER2, for the domain TEST
 
Everything was working fine.
 
Now I have switched my NT PDC to a Samba PDC, and I made SERVER1 a BDC for the domain. Until now, no problem. I use Samba 3.0.4, connected to OpenLDAP thanks to the ldapsam method.

However, after promoting Samba to be the PDC, it seems that neither of the two BDCs (SERVER1 and SERVER2) can synchronize the SAM, LSA and BUILTIN databases from SAMBA.

So I can log on with any user/password that existed before the migration, but cannot add any new account on the SAMBA/LDAP server. I've got a password error when trying to log in.
 
On both servers, I have the following error :
 
Event ID 5718
The full synchronization replication of the LSA database from the primary domain controller servername failed with the following error: Procedure number out of range.
 
I've successfully tried to establish a secure channel from the BDC, with the netdomain command:
 

NETDOM BDC SERVER1 /SYNC

However, trying to force a synchronization returns :

C:\ntreskit>nltest /BDC_QUERY:TEST
Server : \\SERVER1
        SyncState :  REPLICATION_IN_PROGRESS
        ConnectionState : Status = 1745 0x6d1 RPC_S_PROCNUM_OUT_OF_RANGE
The command completed successfully

The error message here corresponds to the message of the event viewer.

Has anyone of you seen anything like that before?

I've searched both the Microsoft support site and the Samba mailing list archive, but without success.

Many thanks for your help.

Julien

Here is my smb.conf :

 

[Global]
workgroup = TEST
netbios name = SAMBA
server string = SAMBA-LDAP
username map = /etc/samba/smbusers
encrypt passwords = yes
interfaces = 172.16.0.115/16

domain logons = Yes
os level = 65
domain master = Yes
local master = No
security = user
wins support = Yes

passdb backend = ldapsam:ldap://localhost
ldap admin dn = "cn=samba,ou=DSA,dc=testdomain,dc=fr"
ldap ssl = off
ldap delete dn = yes
ldap user suffix = ou=Utilisateurs
ldap group suffix = ou=Groupes
ldap machine suffix = ou=Machines
ldap suffix = dc=testdomain,dc=fr
ldap idmap suffix = ou=Users
ldap passwd sync = yes

Dos charset = 850
Unix charset = ISO8859-1

log level = 99
log file = /var/log/samba/%m.log
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

logon script = logon.bat
logon drive = H:
logon home =
logon path =

add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"

[homes]
comment = Répertoires utilisateurs
valid users = %U
read only = No
create mask = 0664
directory mask = 0775
browseable = No

[netlogon]
path = /var/lib/samba/netlogon
browseable = No
read only = Yes


 
 
 
 

