[Samba] Promoting Samba BDC to PDC

adrian sender adrian_au1 at hotmail.com
Fri Nov 18 04:03:46 GMT 2005


Assuming you can run id username, pdbedit -Lv username, slapcat, getent passwd, 
getent group etc. on the BDC, then we can assume that all information has been 
replicated and LDAP is working.

There is a command used to query what domain controllers are on your 
network, nmblookup. I have not used this in a while and cannot remember the 
exact command; but because you have a PDC and BDC they register the same 
NetBIOS name under 1b and 1c. I'll try to find this out as it's very useful; 
from it you can tell how many domain controllers are on a network.

Also remember that you cannot join a machine to a domain when the PDC is 
down; you can however log in.

Here is my working BDC smb.conf without the shares; it is a copy of the one 
from Samba-3 by Example (Chapter 6).
unix charset = LOCALE
workgroup = DDESIGN
netbios name = node2
passdb backend = ldapsam:ldap://
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139
name resolve order = wins bcast hosts
printcap name = CUPS
show add printer wizard = No
logon script = %U.bat
logon path = \\%L\profiles\%U
logon drive = H:
domain logons = Yes
os level = 63
domain master = No
wins server =
ldap suffix = dc=ddesign,dc=com
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
#ldap admin dn = cn=sambaadmin,dc=ddesign,dc=com
ldap admin dn = cn=Manager,dc=ddesign,dc=com
utmp = Yes
idmap backend = ldap://
idmap uid = 10000-20000
idmap gid = 10000-20000
printing = cups

I have idmap backend pointing to the PDC.


Adrian Sender.

>From: Pavan krishna <p.krishna at diversityarrays.com>
>To: adrian sender <adrian_au1 at hotmail.com>
>CC: samba at lists.samba.org
>Subject: Re: [Samba] Promoting Samba BDC to PDC
>Date: Fri, 18 Nov 2005 09:49:39 +1100
>Hi Adrian,
>        Thank you for your reply. Yeah, I have done what you have described 
>already, but the problem is that my client machine is not able to detect 
>the BDC, though my testparm on the BDC shows me no errors. And yes, the LDAP 
>administrative password is stored in secrets.tdb, else I cannot join my 
>client machine to the domain and cannot even make changes to the ldapsam 
>database with the admin dn user.
>Do you think I need to add something else in the Samba BDC file? Following 
>are my configuration settings for the BDC using the replicated ldapsam.
>    workgroup = testdom
>    interfaces =
>    printing = cups
>    printcap name = cups
>    printer admin = @ntadmin, root, administrator
>    map to guest = Bad User
>    security = user
>    encrypt passwords = yes
>    allow trusted domains = yes
>    server string = Samba Server
>    add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody 
>-s /bin/false %m$
>    domain master = no
>    admin users = root
>      hosts allow=192.168.9. 255.255.255. localhost
>      remote announce=
>    domain logons = yes
>      preferred master=no
>       enhanced browsing=yes
>    local master = yes
>    unix password sync = no
>    passwd program = /bin/passwd %u
>    ldap passwd sync = yes
>    ldap delete dn = no
>    pam password change = yes
>    preferred master = yes
>    os level = 65
>    ldap suffix = dc=dart,dc=com
>    ldap user suffix = ou=People
>    ldap group suffix = ou=Group
>    passdb backend = ldapsam:ldap://localhost
>    netbios name = dartlinux
>    username map = /etc/samba/smbusers
>    logon home = \\%L\%U\.profile
>    logon drive = H:
>    logon path = \\%L\profiles\%U
>    logon script = netlogon.bat
>    wins support = yes
>    log file = /var/log/samba/log.%m
>    log level = 5
>    ldap admin dn = uid=root,ou=People,dc=dart,dc=com
>    idmap backend = ldap:ldap://localhost
>    ldap idmap suffix = ou=Idmap
>    ldap machine suffix = ou=Computers
>adrian sender wrote:
>>Hello Pavan
>>Firstly have you been following the samba guide - Samba 3 by example by 
>>John Terpstra.
>>Chapter 5.
>>You must now set the LDAP administrative password into the Samba-3 
>>secrets.tdb file by executing this command:
>>root#  smbpasswd -w not24get
>>Setting stored password for "cn=Manager,dc=abmas,dc=biz" in secrets.tdb
>>Now you must obtain the domain SID from the PDC and store it into the 
>>secrets.tdb file also. This step is not necessary with an LDAP passdb 
>>backend because Samba-3 obtains the domain SID from the sambaDomain object 
>>it automatically stores in the LDAP backend. It does not hurt to add the 
>>SID to the secrets.tdb, and if you wish to do so, this command can achieve 
>>root#  net rpc getsid MEGANET2
>>Storing SID S-1-5-21-3504140859-1010554828-2431957765 \
>>                           for Domain MEGANET2 in secrets.tdb
>>Adrian Sender.
>>Hi All,
>>        Has anyone got an idea of how to make clients automatically find 
>>the BDC when the PDC is stopped? Both PDC and BDC are running Samba, 
>>authenticating against an LDAPSAM backend replicated on both the PDC with 
>>the master LDAP database and the BDC with a replicated LDAP database. But when I 
>>stop the PDC the clients are not detecting the BDC broadcast. I can see that 
>>the replication of the OpenLDAP data is perfect.
>>Any idea of where I may be wrong??
>>Thanks in advance.
>Pavan Krishna L
>Systems Administrator
>Diversity Arrays Technology Pty Ltd
>Ph:  +61 2 6281 8512
>Fax: +61 2 6281 8533
>Mob: +61 423 411 281
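An added example, not part of Adrian's post: a POSIX shell script that does the nmblookup check he mentions earlier in the thread, counting the hosts that answer for the DOMAIN<1c> name (all domain controllers) and checking whether anything still answers for DOMAIN<1b> (the domain master browser, i.e. the PDC). It assumes nmblookup is on the PATH and uses the domain name DDESIGN from Adrian's smb.conf as the default.

```shell
#!/bin/sh
# Added example, not from the original post: the nmblookup check Adrian
# describes, done as a script. A Samba PDC registers DOMAIN<1b> (domain
# master browser) and DOMAIN<1c> (domain controllers); a BDC registers only
# DOMAIN<1c>. So the number of <1c> answers is the number of DCs, and no
# <1b> answer means the PDC is down. nmblookup takes NAME#TYPE (hex suffix).

# Keep only the IPs that answered for DOMAIN<TYPE> from nmblookup output on
# stdin. Answer lines look like "192.168.9.1 DDESIGN<1c>"; the leading
# "querying DDESIGN on 192.168.9.255" line and any failure text are dropped.
parse_nmblookup() {
    awk -v want="$1<$2>" '$2 == want { print $1 }'
}

# Summarise raw nmblookup output for <1b> ($2) and <1c> ($3) of domain $1 as
# "pdc=IP dcs=N"; "pdc=none" when no domain master browser answered.
dc_status() {
    pdc=$(printf '%s\n' "$2" | parse_nmblookup "$1" 1b | head -n 1)
    dcs=$(printf '%s\n' "$3" | parse_nmblookup "$1" 1c | wc -l | tr -d ' ')
    printf 'pdc=%s dcs=%s\n' "${pdc:-none}" "$dcs"
}

# Live query when nmblookup is installed (it ships with the Samba tools).
if command -v nmblookup >/dev/null 2>&1; then
    DOMAIN="${1:-DDESIGN}"
    dc_status "$DOMAIN" "$(nmblookup "$DOMAIN#1b" 2>/dev/null)" \
                        "$(nmblookup "$DOMAIN#1c" 2>/dev/null)"
fi
```

Run it on the BDC with the PDC up and again with the PDC stopped: the dcs count should stay the same while pdc changes from the PDC's address to none.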
