[Samba] Promoting Samba BDC to PDC

Pavan krishna p.krishna at diversityarrays.com
Thu Nov 17 22:49:39 GMT 2005

Hi Adrian,
        Thank you for your reply. Yeah i have done what you have 
described already, but the problem is that my client machine is not able 
to detect the BDC, though my testparm on the BDC shows me no errors. And 
yes the LDAP administrative password is stored in secrets.tdb else i 
cannot join my client machine to the domain and cannot even make changes 
to the ldapsam database with the admindn user.

Do you think i need to add something else on the Samba BDC file, 
following are my configuration settings for the BDC using the replicated 
ldapsam database.

    workgroup = testdom
    interfaces =
    printing = cups
    printcap name = cups
    printer admin = @ntadmin, root, administrator
    map to guest = Bad User
    security = user
    encrypt passwords = yes
    allow trusted domains = yes
    server string = Samba Server
    add machine script = /usr/sbin/useradd  -c Machine -d 
/var/lib/nobody -s /bin/false %m$
    domain master = no
    admin users = root
      hosts allow=192.168.9. 255.255.255. localhost
      remote announce=
    domain logons = yes
      preferred master=no
       enhanced browsing=yes
    local master = yes
    unix password sync = no
    passwd program = /bin/passwd %u
    ldap passwd sync = yes
    ldap delete dn = no
    pam password change = yes
    preferred master = yes
    os level = 65
    ldap suffix = dc=dart,dc=com
    ldap user suffix = ou=People
    ldap group suffix = ou=Group
    passdb backend = ldapsam:ldap://localhost
    netbios name = dartlinux
    username map = /etc/samba/smbusers
    logon home = \\%L\%U\.profile
    logon drive = H:
    logon path = \\%L\profiles\%U
    logon script = netlogon.bat
    wins support = yes
    log file = /var/log/samba/log.%m
    log level = 5
    ldap admin dn = uid=root,ou=People,dc=dart,dc=com
    idmap backend = ldap:ldap://localhost
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=Computers


adrian sender wrote:

> Hello Pavan
> Firstly have you been following the samba guide - Samba 3 by example 
> by John Terpstra.
> Chapter 5.
> You must now set the LDAP administrative password into the Samba-3 
> secrets.tdb file by executing this command:
> root#  smbpasswd -w not24get
> Setting stored password for "cn=Manager,dc=abmas,dc=biz" in secrets.tdb
> Now you must obtain the domain SID from the PDC and store it into the 
> secrets.tdb file also. This step is not necessary with an LDAP passdb 
> backend because Samba-3 obtains the domain SID from the sambaDomain 
> object it automatically stores in the LDAP backend. It does not hurt 
> to add the SID to the secrets.tdb, and if you wish to do so, this 
> command can achieve that:
> root#  net rpc getsid MEGANET2
> Storing SID S-1-5-21-3504140859-1010554828-2431957765 \
>                           for Domain MEGANET2 in secrets.tdb
> Regards,
> Adrian Sender.
> ------------------------------------------------------------------------------- 
> Hi All,
>        Has any one got an idea of how to make clients automatically 
> find the BDC when the PDC is stopped. Both PDC and BDC are running by 
> Samba authenticating again a LDAPSAM backend replicated on both the 
> PDC with master LDAP database and BDC with replicated LDAP database. 
> But when I stop PDC the clients are not detecting the BDC broadcast. I 
> can see that the replication is of the OpenLDAP data is perfect.
> Any idea of where i may be wrong??
> thankx in advance.
> pavan.
> --------------------------------------------------------------------------- 

Pavan Krishna L
Systems Administrator
Diversity Arrays Technology Pty Ltd
Ph:  +61 2 6281 8512
Fax: +61 2 6281 8533
Mob: +61 423 411 281

More information about the samba mailing list