[Samba] Member server won't authenticate against Samba BDC

Bryan K. Walton bryanw at weccusa.org
Fri Oct 1 19:22:08 GMT 2004

For the last few years, we have had a NT4 PDC (without a BDC).
This week I undertook the process of builing a Samba BDC running
Debian linux.  This new BDC is running samba version 3.0.7.  After
setting up the box, I copied all of the user, group, and machine
accounts over to the new bdc, using "net rpc vampire".

The BDC is up and running and I see everybody authenticating against
it.  I would like to make it the PDC, and take down our old NT domain
controller, but I have one samba member server (running Samba 3.0.4)
that insists on authenticating users against the old nt controller
(wecc-server) and I can't figure out how to make it stop. Oh, I should
also mention that the new BDC is using a tdbsam backend.

The member server (amanda) has unix and smbpasswd accounts in the BDC
(jerry) that I "vampired" from wecc-server.  Here is an excerpt from 
Amanda's smb.conf:

workgroup = WECC-DOMAIN
security = domain
password server = jerry, wecc-server

And here is an excerpt from Jerry's smb.conf:

workgroup = WECC-DOMAIN
os level = 34
local master = Yes
preferred master = Yes
domain master = No

If I promote Jerry to a PDC from a BDC, and then shut down the old NT
domain controller, none of our employees can connect to any shares on
Amanda.  When they try, they get a message:

"There are currently no logon servers available to service the logon
request."   Now, I've also tried removing the "wecc-server" listing from
Amanda's "password server =" line in its smb.con, in addition to the 
above steps, but it doesn't make any difference.

Can anybody tell me what might be wrong here?  I'm sure I'm missing
something but have run out of ideas.  In the meantime, I keep the old NT
domain controller up and running.  Please let me know if there are
other parts of the smb.conf files that you would like to see.

Much thanks!!
Bryan Walton

More information about the samba mailing list