[Samba] BDC not working in a full-samba-env

John H Terpstra jht at Samba.Org
Thu Apr 21 16:48:34 GMT 2005 

On Thursday 21 April 2005 10:32, Matthias Eichler wrote:
> Dear List,
>
> I am trying to set up a BDC in a full-samba environment,
> without full success.
> I followed the howtos about this topic with the following
> settings:

Martin,

If you can follow chapter 5 of the new "Samba-3 by Example" book I'd 
appreciate a step-by-step account up to the point of failure. I promise to 
fix anything that is broken - and by doing that to help you to gain a working 
system.

You can download the book in PDF format from:

http://www.samba.org/samba/docs/Samba-Guide.pdf

PS: This book is undergoing technical editting at this time and your 
assistance would be most valuable.

- John T.

>
> BDC:
> ----
> [global]
>         workgroup = KERNZEIT
>         netbios name = APPSERVER
>         security = user
>         server string = %h (Samba %v)
>         announce version=5.0
>
>         #LDAP STUFF
>         passdb backend = ldapsam:"ldap://127.0.0.1 ldap://10.1.1.1"
>         ldap suffix = dc=kernzeit,dc=com
>         ldap machine suffix = ou=smb-machines
>         ldap admin dn = "cn=admin,dc=kernzeit,dc=com"
>         ldap ssl = no
>         ldap user suffix = "dc=kernzeit,dc=com"
>         ldap group suffix = ou=groups,ou=nss
>
>         wins support = yes
>         preferred master = yes
>         time server = yes
>         os level = 33
>
>         #DOMAIN STUFF
>         domain master = yes
>         (tried this with domain master yes and no, as there
>          are different howtos regarding this setting)
>         domain logons = yes
>         idmap backend = "ldap:127.0.0.1 ldap:10.1.1.1"
>
>         #LOGON STUFF
>         logon path = \{}\{}%L\{}Profiles\{}%u
>         logon script = login.bat
>         logon drive = H:
>         logon home = \\LOGIN\%U
>         template homedir = /home/%U
>
> FILESERVER:
> -----------
> [global]
>         workgroup = KERNZEIT
>         netbios name = FILESERVER
>         server string = %h
>         announce version = 5.0
>         os level = 20
>
>         encrypt passwords = true
>         obey pam restrictions = no
>         security = domain
>         password server = 10.1.1.1, 10.1.1.10
>
>         panic action = /usr/share/samba/panic-action %d
>         nt acl support = yes
>         wins support = no
>         wins proxy = no
>         wins server = 10.1.1.1 10.1.1.10
>         dns proxy = no
>         local master = no
>         preferred master = no
>
>         domain master = no
>         domain logons = no
>
> The problem is:
> - user workstations can log on and are getting the netlogon-
>   script in the right way
> - the fileserver (members server of the domain) says the
>   following while the netlogon script is failing:
>
> [2005/04/21 18:24:22, 2] auth/auth.c:check_ntlm_password(312)
>   check_ntlm_password:  Authentication for user [service] -> [service]
> FAILED with error NT_STATUS_NO_LOGON_SERVERS
>
> Thanks for any help!
>
> Matthias

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.

More information about the samba mailing list