[Samba] PDC/BDC problem - clients not authenticating against BDC
Adrian A. Sender
adrians at tinistuffhosting.com
Wed Nov 22 13:26:56 GMT 2006
Hello Ryan,
As you are using PDC / BDC you are using LDAP arnt you?
You have not provided much information, so its very hard to know where to even start.
Assuming that users are been replicated to the BDC via LDAP slurpd, you may want to
check the following;
"net getlocalsid" on the PDC
Verify that this matches the BDC "net getlocalsid" ..
If not on the BDC "net setlocalsid S-1-5-21-x-y-z"
Failing this remove your ldap database on the BDC (backup first)
"slapcat -v -l transfer.ldif" on PDC
Copy to BDC
rm -rf /var/lib/ldap/*
On BDC
"slapadd -v -l transfer.ldif on BDC"
All this is clearly explained in the documentation available on the samba web site.
Let me know if this helps.
Cheers,
Adrian Sender
From: "ryan punt" <rpunt at good-sam.com>
Subject: [Samba] PDC/BDC problem - clients not authenticating against BDC
Date: Tue, 21 Nov 2006 09:17:41 -0600
To: <samba at lists.samba.org>
Hey list,
I've got a problem with my PDC/BDC setup. They're both running 3.0.23c on Sarge, and
I've verified that both the PDC and BDC will authenticate users.
test-pdc:/etc/samba# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[netlogon]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
test-bdc:/var/log/samba# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[netlogon]"
Loaded services file OK.
Server role: ROLE_DOMAIN_BDC
My PDC is also my WINS server, and I've verified that XP clients on other subnets see
two "DOMAIN#1c" records.
The problem I'm having is this: When SMBD on the PDC stops, XP clients will no longer
authenticate; the specific error is "the system cannot log you on now because the
domain GSS is not available." NMBD is still running, and XP clients still see 2 "#1c"
records.
How can I ensure that XP clients will authenticate against the BDC if the PDC is
unavailable?
Thanks,
Ryan
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the samba
mailing list