[Samba] strange BDC Behaviour
Robert Gehr
robert.gehr at baumann-gmbh.de
Thu Jul 6 14:00:42 GMT 2006
Hello everybody
I am running two Domaincontrollers PDC and BDC both with an LDAP Backend
(Master and Slave) and another samba fileserver FS1 who is a Domain
Member. We have about 180 win clients (W2k and XP) on the network. We
are also running a w2k terminalserver (TS) with about ten clients
hooking up to it. We are running a login script assigning shares
automatically to the clients.
The strange thing is, that ever so often people connecting to the
terminalserver can not get their shares assigned from the Domain Member
Server FS1. When trying to map the shares manually on the TS by entering
\\FS1\share the login box comes up asking for username and password.
When I enter the IP address of FS1 e.g. \\10.10.10.10\share I can
connect, also when I enter the FQDN e.g. \\FS1.mydomain.de\share the
connection works.
The clients also map a share, using the netbios name, from the BDC which
always works.
What we noticed is, that clients on the TS usually use the BDC for
loging on to the network which shouldn't be I suppose. As far as I
understand it, the client should sign on to the network via the PDC and
only use the BDC if the former fails. Right????
Most of the time it helps to send a HUP signal to the nmbd and the smbd
on the BDC but sometimes not. This is pretty strange and causes quite a
bit of discomfort on the users as well as on our side. Ordinary clients
do not show this type of behaviour at all, only acounts on the TS
Anyone any ideas???
Here the smb.conf files global section from PDC,BDC and FS1 who can't be
all that wrong, otherwise things would not work at all.
Help is greatly appreciated.
Best regards
Rob
---------------------------------
PDC config file
[global]
dos charset = 850
unix charset = ISO8859-1
display charset = ISO8859-1
workgroup = MYDOMAIN
passdb backend = "ldapsam:ldap://pdc.mydomain.de,
ldap://bdc.mydomain.de"
username map = /usr/local/samba/lib/user.map
lanman auth = No
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
add user script = /usr/local/sbin/smbldap-useradd -m %u
add group script = /usr/local/sbin/smbldap-groupadd -a -p %g
add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
%u %g
set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u
add machine script = /usr/local/sbin/smbldap-useradd -t 0 -w %u
logon path =
domain logons = Yes
os level = 65
domain master = Yes
wins support = Yes
kernel oplocks = No
ldap admin dn = cn=root,dc=mydomain,dc=de
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=computers
ldap passwd sync = Yes
ldap suffix = dc=mydomain,dc=de
ldap ssl = start tls
ldap user suffix = ou=people
idmap backend = ldap:ldap://pdc.mydomain.de
idmap uid = 10000-20000
idmap gid = 10000-20000
ldapsam:trusted = yes
printer admin = @Domain_Admins, @Print_Operators, Administrator
map acl inherit = Yes
lprm command = /usr/bin/cancel '%p-%j'
lppause command = lp -i '%p-%j' -H hold
lpresume command = lp -i '%p-%j' -H resume
queuepause command = /usr/bin/disable '%p'
queueresume command = /usr/bin/enable '%p'
level2 oplocks = No
strict locking = No
-------------------------------------------
Here the file for the BDC
[global]
unix charset = ISO8859-1
display charset = ISO8859-1
workgroup = MYDOMAIN
server string = %h (Samba %v)
passdb backend = "ldapsam:ldap://bdc.mydomain.de,
ldap://pdc.mydomain.de"
username map = /usr/local/samba/lib/user.map
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
logon path =
domain logons = Yes
domain master = No
kernel oplocks = No
ldap admin dn = cn=root,dc=mydomain,dc=de
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=computers
ldap passwd sync = Yes
ldap suffix = dc=mydomain,dc=de
ldap ssl = start tls
ldap user suffix = ou=people
idmap backend = ldap:ldap://pdc.mydomain.de
idmap uid = 10000-20000
idmap gid = 10000-20000
ldapsam:trusted = yes
oplocks = No
level2 oplocks = No
------------------------------------------------
And here the file from the DOMAIN MEMBER FS1
[global]
unix charset = ISO8859-1
display charset = ISO8859-1
workgroup = MYDOMAIN
server string = %h (Samba %v)
interfaces = 10.230.1.1/255.255.0.0
security = DOMAIN
password server = pdc, bdc
deadtime = 10
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins server = pdc
kernel oplocks = No
ldap admin dn = cn=root,dc=mydomain,dc=de
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=computers
ldap passwd sync = Yes
ldap suffix = dc=mydomain,dc=de
ldap ssl = start tls
ldap user suffix = ou=people
idmap backend = ldap:ldap://pdc.mydomain.de
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind trusted domains only = Yes
acl group control = Yes
create mask = 00
force create mode = 0775
directory mask = 00
force directory mode = 0775
map acl inherit = Yes
veto oplock files = /*.xls/*.doc/*.mdb
level2 oplocks = No
strict locking = No
More information about the samba
mailing list