[Samba] PDC/BDC problem - clients not authenticating against BDC

Adrian A. Sender adrians at tinistuffhosting.com
Wed Nov 22 13:26:56 GMT 2006


Hello Ryan,

As you are using PDC / BDC you are using LDAP, aren't you?

You have not provided much information, so it's very hard to know where to even start.

Assuming that users are being replicated to the BDC via LDAP slurpd, you may want to 
check the following: 

"net getlocalsid" on the PDC 
Verify that this matches the BDC "net getlocalsid" .. 
If not on the BDC "net setlocalsid S-1-5-21-x-y-z"

Failing this remove your ldap database on the BDC (backup first)

"slapcat -v -l transfer.ldif" on PDC
Copy to BDC

rm -rf /var/lib/ldap/*
On BDC

"slapadd -v -l transfer.ldif" on BDC

All this is clearly explained in the documentation available on the samba web site.

Let me know if this helps.

Cheers,

Adrian Sender



From: "ryan punt" <rpunt at good-sam.com> 
Subject: [Samba] PDC/BDC problem - clients not authenticating against BDC 
Date: Tue, 21 Nov 2006 09:17:41 -0600 
To: <samba at lists.samba.org> 
 
 
Hey list, 

I've got a problem with my PDC/BDC setup. They're both running 3.0.23c on Sarge, and 
I've verified that both the PDC and BDC will authenticate users. 

test-pdc:/etc/samba# testparm 
Load smb config files from /etc/samba/smb.conf 
Processing section "[netlogon]" 
Loaded services file OK. 
Server role: ROLE_DOMAIN_PDC 

test-bdc:/var/log/samba# testparm 
Load smb config files from /etc/samba/smb.conf 
Processing section "[netlogon]" 
Loaded services file OK. 
Server role: ROLE_DOMAIN_BDC 

My PDC is also my WINS server, and I've verified that XP clients on other subnets see 
two "DOMAIN#1c" records. 

The problem I'm having is this: When SMBD on the PDC stops, XP clients will no longer 
authenticate; the specific error is "the system cannot log you on now because the 
domain GSS is not available." NMBD is still running, and XP clients still see 2 "#1c" 
records. 

How can I ensure that XP clients will authenticate against the BDC if the PDC is 
unavailable? 

Thanks, 
Ryan 
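
Added example, not part of the original messages and not Samba project code: the SID comparison from the reply above, taken one step further by scanning the slapcat LDIF for sambaSID values that fall outside the PDC's domain SID before it is loaded on the BDC. The function names, hostnames, SIDs and LDIF entries are constructed, and the `net getlocalsid` output format ("SID for domain NAME is: SID") is an assumption.

```shell
#!/bin/sh
# Added example. All sample data is constructed; hostnames and SIDs are made up.

# Pull the SID out of `net getlocalsid` output ("SID for domain X is: S-1-5-21-...").
extract_sid() {
    sed -n 's/^SID for domain .* is: \(S-1-5-21-[0-9][0-9]*-[0-9][0-9]*-[0-9][0-9]*\)[[:space:]]*$/\1/p' | head -n 1
}

# Compare PDC ($1) and BDC ($2) outputs; on mismatch print the command for the BDC.
compare_sids() {
    pdc=$(printf '%s\n' "$1" | extract_sid)
    bdc=$(printf '%s\n' "$2" | extract_sid)
    if [ -z "$pdc" ] || [ -z "$bdc" ]; then echo "unparsable"; return 2; fi
    if [ "$pdc" = "$bdc" ]; then echo "match"; return 0; fi
    echo "mismatch: on the BDC run: net setlocalsid $pdc"
    return 1
}

# Read a slapcat LDIF on stdin and print the DN of every entry whose sambaSID
# is not under domain SID $1. Builtin SIDs (S-1-5-32-*) are not domain-relative
# and are skipped. Folded (continued) DN lines are rejoined first.
foreign_sids() {
    awk -v dom="$1" '
        /^dn: /       { dn = substr($0, 5); indn = 1; next }
        /^ / && indn  { dn = dn substr($0, 2); next }
                      { indn = 0 }
        /^sambaSID: / { sid = substr($0, 11)
                        if (sid ~ /^S-1-5-32-/) next
                        if (sid != dom && index(sid, dom "-") != 1) print dn }
    '
}

# --- constructed sample input ---
PDC_OUT='SID for domain TEST-PDC is: S-1-5-21-1111111111-2222222222-3333333333'
BDC_OUT='SID for domain TEST-BDC is: S-1-5-21-4444444444-5555555555-6666666666'
LDIF='dn: uid=alice,ou=People,dc=example,dc=org
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000

dn: uid=bob,ou=People,dc=example,dc=org
sambaSID: S-1-5-21-4444444444-5555555555-6666666666-3002

dn: cn=Administrators,ou=Groups,dc=example,dc=org
sambaSID: S-1-5-32-544'

compare_sids "$PDC_OUT" "$BDC_OUT" || true
printf '%s\n' "$LDIF" | foreign_sids "$(printf '%s\n' "$PDC_OUT" | extract_sid)"
```

An entry reported by foreign_sids carries a SID issued under a different domain SID, so it should be investigated before transfer.ldif is loaded with slapadd.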

