[Samba] strange BDC Behaviour

Robert Gehr robert.gehr at baumann-gmbh.de
Thu Jul 6 14:00:42 GMT 2006


Hello everybody

I am running two domain controllers, a PDC and a BDC, both with an LDAP
backend (master and slave), and another Samba file server, FS1, which is a
domain member. We have about 180 Windows clients (W2k and XP) on the
network. We are also running a W2k terminal server (TS) with about ten
clients hooking up to it. We are running a login script that assigns shares
automatically to the clients.

The strange thing is that every so often people connecting to the
terminal server cannot get their shares assigned from the domain member
server FS1. When trying to map the shares manually on the TS by entering

\\FS1\share the login box comes up asking for username and password.

When I enter the IP address of FS1 e.g. \\10.10.10.10\share I can
connect, also when I enter the FQDN e.g. \\FS1.mydomain.de\share the
connection works.

The clients also map a share, using the netbios name, from the BDC which
always works.

What we noticed is that clients on the TS usually use the BDC for
logging on to the network, which shouldn't be the case, I suppose. As far
as I understand it, the client should sign on to the network via the PDC
and only use the BDC if the former fails. Right????

Most of the time it helps to send a HUP signal to the nmbd and the smbd
on the BDC, but sometimes not. This is pretty strange and causes quite a
bit of discomfort for the users as well as on our side. Ordinary clients
do not show this type of behaviour at all, only accounts on the TS.

Anyone any ideas???

Here are the [global] sections of the smb.conf files from the PDC, BDC and
FS1, which can't be all that wrong, otherwise things would not work at all.

Help is greatly appreciated.
Best regards

Rob

---------------------------------

PDC config file

# PDC: [global] section of smb.conf as posted (the capitalised Yes/No values
# suggest a testparm-style dump, i.e. possibly only non-default settings — not confirmed).
[global]
    dos charset = 850
    unix charset = ISO8859-1
    display charset = ISO8859-1
    workgroup = MYDOMAIN
    # Account database lives in LDAP; the master (pdc) is tried first, then the slave (bdc).
    # NOTE(review): the value is split over two lines below, most likely by mail
    # wrapping. In the real file it has to be a single line (or end the first line
    # with a backslash), otherwise the second URI is not part of the value.
    passdb backend = "ldapsam:ldap://pdc.mydomain.de,
ldap://bdc.mydomain.de"
    # Maps client-supplied user names to Unix accounts. The map file decides who a
    # session runs as, so it should be writable by root only.
    username map = /usr/local/samba/lib/user.map
    # Refuse LANMAN-hash logons. NOTE(review): the BDC listing carries no matching
    # line; confirm both domain controllers enforce the same setting.
    lanman auth = No
    socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
    # Account-management hooks. smbd executes these (normally as root) with %u / %g
    # replaced by names taken from the request, so the scripts' argument handling
    # and the Samba patch level both matter here.
    add user script = /usr/local/sbin/smbldap-useradd -m %u
    add group script = /usr/local/sbin/smbldap-groupadd -a -p %g
    add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
    # NOTE(review): same mail-wrap artifact as passdb backend; "%u %g" belongs on
    # the line above it.
    delete user from group script = /usr/local/sbin/smbldap-groupmod -x
%u %g
    set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u
    add machine script = /usr/local/sbin/smbldap-useradd -t 0 -w %u
    # Empty logon path: no roaming-profile location is handed to clients.
    logon path =
    # domain logons + domain master make this host the PDC; it also serves as the
    # WINS server that the member server FS1 points at.
    domain logons = Yes
    os level = 65
    domain master = Yes
    wins support = Yes
    kernel oplocks = No
    # DN Samba binds with for LDAP access; its password is kept in secrets.tdb
    # (set with "smbpasswd -w"). NOTE(review): cn=root looks like the directory's
    # root DN; a dedicated DN with ACLs limited to the Samba subtrees would keep a
    # compromise of this host from meaning full control of the directory — confirm.
    ldap admin dn = cn=root,dc=mydomain,dc=de
    ldap group suffix = ou=groups
    ldap idmap suffix = ou=idmap
    ldap machine suffix = ou=computers
    # Keep the LDAP userPassword in step with the Samba password hashes on change.
    ldap passwd sync = Yes
    ldap suffix = dc=mydomain,dc=de
    # Upgrade the ldap:// connections with StartTLS so the bind and the password
    # hashes do not cross the wire in clear. Whether the server certificate is
    # actually verified is presumably decided by the LDAP client library
    # configuration — TODO confirm.
    ldap ssl = start tls
    ldap user suffix = ou=people
    idmap backend = ldap:ldap://pdc.mydomain.de
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    # Samba assumes every user and group is in LDAP and queries it directly
    # instead of going through the system's account lookups.
    ldapsam:trusted = yes
    # Accounts and groups with administrative rights over all printers.
    printer admin = @Domain_Admins, @Print_Operators, Administrator
    map acl inherit = Yes
    # Print-control commands; %p (printer) and %j (job id) are substituted into
    # the command line before it is run.
    lprm command = /usr/bin/cancel '%p-%j'
    lppause command = lp -i '%p-%j' -H hold
    lpresume command = lp -i '%p-%j' -H resume
    queuepause command = /usr/bin/disable '%p'
    queueresume command = /usr/bin/enable '%p'
    level2 oplocks = No
    strict locking = No

-------------------------------------------

Here the file for the BDC

# BDC: [global] section of smb.conf as posted (possibly a testparm-style dump
# showing only non-default settings — not confirmed).
[global]
    unix charset = ISO8859-1
    display charset = ISO8859-1
    workgroup = MYDOMAIN
    server string = %h (Samba %v)
    # Same LDAP account database as the PDC, but the local slave (bdc) is tried
    # first and the master (pdc) second.
    # NOTE(review): the value is split over two lines below, most likely by mail
    # wrapping. In the real file it has to be a single line (or end the first line
    # with a backslash).
    passdb backend = "ldapsam:ldap://bdc.mydomain.de,
ldap://pdc.mydomain.de"
    # Maps client-supplied user names to Unix accounts; should be writable by root
    # only and kept identical to the PDC's copy so both controllers map names alike.
    username map = /usr/local/samba/lib/user.map
    # NOTE(review): unlike the PDC listing there is no "lanman auth = No" here. If
    # this is the complete section, the BDC runs with its default for that option,
    # so the two controllers may accept different authentication strengths — confirm.
    socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
    # Empty logon path: no roaming-profile location is handed to clients.
    logon path =
    # domain logons without domain master: this host answers logon requests as a BDC.
    # NOTE(review): no "wins server" line is shown, although the PDC runs WINS and
    # FS1 registers with it; verify the BDC's name registration and resolution.
    domain logons = Yes
    domain master = No
    kernel oplocks = No
    # DN Samba binds with for LDAP access; its password is kept in secrets.tdb.
    # NOTE(review): cn=root looks like the directory's root DN; a BDC that only
    # reads accounts could presumably bind with a far less privileged DN — confirm.
    ldap admin dn = cn=root,dc=mydomain,dc=de
    ldap group suffix = ou=groups
    ldap idmap suffix = ou=idmap
    ldap machine suffix = ou=computers
    ldap passwd sync = Yes
    ldap suffix = dc=mydomain,dc=de
    # StartTLS on the ldap:// connections; certificate verification is presumably
    # controlled by the LDAP client library configuration — TODO confirm.
    ldap ssl = start tls
    ldap user suffix = ou=people
    # ID mappings are read from / written to the master directory on the PDC.
    idmap backend = ldap:ldap://pdc.mydomain.de
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    ldapsam:trusted = yes
    oplocks = No
    level2 oplocks = No

------------------------------------------------

And here the file from the DOMAIN MEMBER FS1

# FS1 (domain member file server): [global] section of smb.conf as posted
# (possibly a testparm-style dump showing only non-default settings — not confirmed).
[global]
    unix charset = ISO8859-1
    display charset = ISO8859-1
    workgroup = MYDOMAIN
    server string = %h (Samba %v)
    # NOTE(review): "interfaces" on its own only tells Samba which interfaces to
    # use for browsing and name registration; no "bind interfaces only" line is
    # shown, so smbd presumably still listens on every address — confirm.
    interfaces = 10.230.1.1/255.255.0.0
    # Domain member: logons are validated by a domain controller over the machine
    # account's secure channel rather than against a local account database.
    security = DOMAIN
    # Controllers are contacted in the order listed. The names are short NetBIOS
    # names, so authentication depends on NetBIOS/WINS name resolution returning
    # the real PDC and BDC.
    password server = pdc, bdc
    # Idle connections without open files are dropped after 10 minutes.
    deadtime = 10
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    wins server = pdc
    kernel oplocks = No
    # Used for the LDAP idmap backend below; the bind password is kept in secrets.tdb.
    # NOTE(review): cn=root looks like the directory's root DN. A file server that
    # only needs ID mappings holding that credential is more privilege than the
    # role appears to need — confirm and consider a restricted DN.
    ldap admin dn = cn=root,dc=mydomain,dc=de
    ldap group suffix = ou=groups
    ldap idmap suffix = ou=idmap
    ldap machine suffix = ou=computers
    ldap passwd sync = Yes
    ldap suffix = dc=mydomain,dc=de
    # StartTLS on the ldap:// connection; certificate verification is presumably
    # controlled by the LDAP client library configuration — TODO confirm.
    ldap ssl = start tls
    ldap user suffix = ou=people
    idmap backend = ldap:ldap://pdc.mydomain.de
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind trusted domains only = Yes
    # Lets members of a file's owning group change its permissions and ACLs, not
    # just the owner.
    acl group control = Yes
    # The create/directory masks clear every client-requested permission bit and
    # the force modes then set 0775, so every new file and directory ends up 0775:
    # group-writable, world-readable, and (for files) executable, regardless of
    # what the client asked for. Restrict access per share or with ACLs if
    # "other" should not be able to read.
    create mask = 00
    force create mode = 0775
    directory mask = 00
    force directory mode = 0775
    map acl inherit = Yes
    # No oplocks are granted on Office/Access files, which are typically opened by
    # several users at once.
    veto oplock files = /*.xls/*.doc/*.mdb
    level2 oplocks = No
    strict locking = No






