[Samba] Promoting Samba BDC to PDC

adrian sender adrian_au1 at hotmail.com
Sat Nov 19 01:42:12 GMT 2005

Hello Pavan,

Try nmblookup domainname#1C

Multiple netbios names can be registered under 1C; this shows the PDC & BDC.

[root@node1 ~]# nmblookup DDESIGN#1C
WARNING: The "printer admin" option is deprecated
querying DDESIGN on DDESIGN<1c> DDESIGN<1c>

Only one netbios name can be registered as 1B; this is the PDC.

[root@node1 ~]# nmblookup DDESIGN#1B
WARNING: The "printer admin" option is deprecated
querying DDESIGN on DDESIGN<1b>
[root@node1 ~]#

Adrian Sender,

>From: Pavan krishna <p.krishna at diversityarrays.com>
>To: adrian sender <adrian_au1 at hotmail.com>
>CC: samba at lists.samba.org
>Subject: Re: [Samba] Promoting Samba BDC to PDC
>Date: Fri, 18 Nov 2005 09:49:39 +1100
>Hi Adrian,
>        Thank you for your reply. Yeah, I have done what you have described
>already, but the problem is that my client machine is not able to detect
>the BDC, though my testparm on the BDC shows me no errors. And yes, the LDAP
>administrative password is stored in secrets.tdb, else I cannot join my
>client machine to the domain and cannot even make changes to the ldapsam
>database with the admindn user.
>Do you think I need to add something else on the Samba BDC file? Following
>are my configuration settings for the BDC using the replicated ldapsam
>    workgroup = testdom
>    interfaces =
>    printing = cups
>    printcap name = cups
>    printer admin = @ntadmin, root, administrator
>    map to guest = Bad User
>    security = user
>    encrypt passwords = yes
>    allow trusted domains = yes
>    server string = Samba Server
>    add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
>    domain master = no
>    admin users = root
>    hosts allow=192.168.9. 255.255.255. localhost
>    remote announce=
>    domain logons = yes
>    preferred master=no
>    enhanced browsing=yes
>    local master = yes
>    unix password sync = no
>    passwd program = /bin/passwd %u
>    ldap passwd sync = yes
>    ldap delete dn = no
>    pam password change = yes
>    preferred master = yes
>    os level = 65
>    ldap suffix = dc=dart,dc=com
>    ldap user suffix = ou=People
>    ldap group suffix = ou=Group
>    passdb backend = ldapsam:ldap://localhost
>    netbios name = dartlinux
>    username map = /etc/samba/smbusers
>    logon home = \\%L\%U\.profile
>    logon drive = H:
>    logon path = \\%L\profiles\%U
>    logon script = netlogon.bat
>    wins support = yes
>    log file = /var/log/samba/log.%m
>    log level = 5
>    ldap admin dn = uid=root,ou=People,dc=dart,dc=com
>    idmap backend = ldap:ldap://localhost
>    ldap idmap suffix = ou=Idmap
>    ldap machine suffix = ou=Computers
>adrian sender wrote:
>>Hello Pavan
>>Firstly, have you been following the Samba guide, Samba 3 by Example by
>>John Terpstra?
>>Chapter 5.
>>You must now set the LDAP administrative password into the Samba-3 
>>secrets.tdb file by executing this command:
>>root#  smbpasswd -w not24get
>>Setting stored password for "cn=Manager,dc=abmas,dc=biz" in secrets.tdb
>>Now you must obtain the domain SID from the PDC and store it into the 
>>secrets.tdb file also. This step is not necessary with an LDAP passdb 
>>backend because Samba-3 obtains the domain SID from the sambaDomain object 
>>it automatically stores in the LDAP backend. It does not hurt to add the 
>>SID to the secrets.tdb, and if you wish to do so, this command can achieve 
>>root#  net rpc getsid MEGANET2
>>Storing SID S-1-5-21-3504140859-1010554828-2431957765 \
>>                           for Domain MEGANET2 in secrets.tdb
>>Adrian Sender.
>>Hi All,
>>        Has anyone got an idea of how to make clients automatically find
>>the BDC when the PDC is stopped? Both PDC and BDC are running Samba,
>>authenticating against an LDAPSAM backend replicated on both the PDC with
>>master LDAP database and BDC with replicated LDAP database. But when I
>>stop the PDC the clients are not detecting the BDC broadcast. I can see that
>>the replication of the OpenLDAP data is perfect.
>>Any idea of where I may be wrong?
>>Thanks in advance.
>Pavan Krishna L
>Systems Administrator
>Diversity Arrays Technology Pty Ltd
>Ph:  +61 2 6281 8512
>Fax: +61 2 6281 8533
>Mob: +61 423 411 281
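
A check for the quoted BDC settings, as an added example that is not part of the original thread: it lists parameters that are set more than once with different values and prints the effective browsing/role settings. The function names are hypothetical, the sample is constructed from lines of the quoted configuration, and it assumes (per smb.conf(5)) that parameter names ignore case and whitespace and that the last occurrence of a repeated parameter takes effect.

```python
import re

# Constructed sample: role/browsing lines taken from the BDC settings quoted above.
SAMPLE = """\
>    workgroup = testdom
>    domain master = no
>    domain logons = yes
>      preferred master=no
>    local master = yes
>    preferred master = yes
>    os level = 65
>    wins support = yes
"""

ROLE_KEYS = ("domainmaster", "domainlogons", "preferredmaster",
             "localmaster", "oslevel", "winssupport")
BOOL = {"yes": "yes", "true": "yes", "no": "no", "false": "no"}

def norm_key(name):
    # Assumption from smb.conf(5): names ignore case and whitespace.
    return re.sub(r"\s+", "", name).lower()

def parse(text):
    """Return {key: [(lineno, value), ...]} for every 'name = value' line."""
    seen = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.lstrip("> \t").strip()   # drop mail quote markers
        if not line or line[0] in "#;[" or "=" not in line:
            continue                        # comments, sections, wrapped tails
        name, value = line.split("=", 1)
        value = BOOL.get(value.strip().lower(), value.strip())
        seen.setdefault(norm_key(name), []).append((lineno, value))
    return seen

def conflicts(seen):
    """Parameters set more than once with different values."""
    return {k: v for k, v in seen.items() if len({val for _, val in v}) > 1}

def effective_role_settings(seen):
    # Assumption: the last occurrence of a repeated parameter wins.
    return {k: seen[k][-1][1] for k in ROLE_KEYS if k in seen}

if __name__ == "__main__":
    parsed = parse(SAMPLE)
    for key, hits in conflicts(parsed).items():
        print("set more than once:", key, hits)
    print(effective_role_settings(parsed))
```

On the sample it reports `preferred master` as set to both `no` and `yes`, with `yes` as the effective value.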
