[Samba] 'password server = *' not binding to PDC emulator -- "Domain password server not available."

Tue Jul 19 15:03:38 GMT 2005

I am attempting to configure Samba 2.2.0 in our test
laboratory to use "security = domain" to allow us to
engineer a solution to move our existing Samba 2.2.0
production servers from "security = server" to
"security = domain" with minimal change/impact. This
work is being carried out as we suspect that the
"security = server" setting is responsible for causing
infrequent, but significant, sporadic user disconnects
from their shares.

We have a large Windows 2000 computing environment,
which provides a number of Domain Controllers and also
a PDC Emulator. We should be able to connect our Samba
servers to the PDC Emulator for password
authentication. (In the lab, we have a single Windows
2000 Domain Controller, which also functions as the
PDC Emulator for the test domain.)

After successfully joining the TEST domain, my Samba
server apparently cannot see the PDC Emulator.

# ./smbclient -L localhost -Uusername%password
INFO: Debug class all level = 10   (pid 14807 from pid
doing parameter log file = /opt/samba/var/log.%m
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface ip=nn.nn.nn.nn bcast=nn.nn.nn.nn
session setup failed: ERRSRV - ERRbadpw (Bad password
- name/password pair in a Tree Connect or Session
Setup are invalid.)

-----------extract from log.hostname-----------
  domain_client_validate: Domain password server not

-----------extract from log.nmbd-----------
  announce_myself_to_domain_master_browser: no unicast
subnet, ignoring.

   dump workgroup on subnet      nn.nn.nn.nn: netmask=
        TEST(1) current master browser = UNKNOWN
                HOSTNAME 40009b03 (hostname Test Samba

The PDC Emulator is on a different subnet and thus the
NMB broadcast from Samba to the local subnet gets no
response. I'm told by our Windows Admins that in the
case of a Windows client not receiving a DC response
from its subnet, it will check the SOA record in DNS
for the client which contains a list of Domain
Controllers; then their client host will arbitrarily
connect to a Domain Controller from this list.

* Is this DNS SOA containing a list of DCs behaviour
"standard"? (I'm not sure whether this is an in-house
engineered method, or normal functionality under MS
* If so, does Samba 2.2.0 support this system? (Do
more recent versions?)
* If not, short of hardcoding "password server =
server1, server2, etc." how best should I solve this
problem? (I want to avoid hardcoding hostnames as the
Windows Admins tell me that the PDC Emulator is
considered a non-critical service, i.e. they can
change the host on which the Emulator is running at
any time without notifying anyone...)

Any help/pointers would be greatly appreciated.

Rgds, DaveB.

