[Samba] PDC/BDC problem - clients not authenticating against BDC
Tarcizo Azevedo
tarcizo.asterisk at gmail.com
Fri Nov 24 11:48:01 GMT 2006
Adrian,
In your smb.conf on the BDC, is there domain master = no?
Adrian A. Sender wrote:
> Hello Ryan,
>
> As you are using PDC / BDC you are using LDAP, aren't you?
>
> You have not provided much information, so it's very hard to know where to even start.
>
> Assuming that users are being replicated to the BDC via LDAP slurpd, you may want to
> check the following;
>
> "net getlocalsid" on the PDC
> Verify that this matches the BDC "net getlocalsid" ..
> If not on the BDC "net setlocalsid S-1-5-21-x-y-z"
>
> Failing this remove your ldap database on the BDC (backup first)
>
> "slapcat -v -l transfer.ldif" on PDC
> Copy to BDC
>
> rm -rf /var/lib/ldap/*
> On BDC
>
> "slapadd -v -l transfer.ldif" on BDC
>
> All this is clearly explained in the documentation available on the samba web site.
>
> Let me know if this helps.
>
> Cheers,
>
> Adrian Sender
>
>
>
> From: "ryan punt" <rpunt at good-sam.com>
> Subject: [Samba] PDC/BDC problem - clients not authenticating against BDC
> Date: Tue, 21 Nov 2006 09:17:41 -0600
> To: <samba at lists.samba.org>
>
>
> Hey list,
>
> I've got a problem with my PDC/BDC setup. They're both running 3.0.23c on Sarge, and
> I've verified that both the PDC and BDC will authenticate users.
>
> test-pdc:/etc/samba# testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[netlogon]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_PDC
>
> test-bdc:/var/log/samba# testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[netlogon]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_BDC
>
> My PDC is also my WINS server, and I've verified that XP clients on other subnets see
> two "DOMAIN#1c" records.
>
> The problem I'm having is this: When SMBD on the PDC stops, XP clients will no longer
> authenticate; the specific error is "the system cannot log you on now because the
> domain GSS is not available." NMBD is still running, and XP clients still see 2 "#1c"
> records.
>
> How can I ensure that XP clients will authenticate against the BDC if the PDC is
> unavailable?
>
> Thanks,
> Ryan
>
>
>
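
The two checks suggested in this thread (matching `net getlocalsid` output on PDC and BDC, and `domain master = no` in the BDC's smb.conf) can be scripted. The following is an added example, not part of any message in the thread; the function names, file names and SID values are constructed for illustration, and the `net getlocalsid` output format is assumed to be "SID for domain NAME is: S-1-5-21-x-y-z".

```shell
# Added example; every sample value below is constructed, not from the thread.
# Pull the SID out of `net getlocalsid` output read from stdin.
extract_sid() {
    sed -n 's/.*\(S-1-5-21-[0-9][0-9]*-[0-9][0-9]*-[0-9][0-9]*\).*/\1/p'
}

# Print the (lowercased) value of a [global] parameter from an smb.conf file.
# Case and whitespace in parameter names are ignored, as Samba does.
smb_param() {
    awk -F= -v want="$2" '
        BEGIN { want = tolower(want); gsub(/[ \t]/, "", want) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { in_global = (tolower($0) ~ /\[global\]/); next }
        in_global && NF >= 2 {
            key = tolower($1); gsub(/[ \t]/, "", key)
            val = tolower($2); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { print found }' "$1"
}

# check_bdc <PDC getlocalsid output file> <BDC getlocalsid output file> <BDC smb.conf>
# Prints one line per problem; exit status is 0 only if none were found.
check_bdc() {
    pdc_sid=$(extract_sid < "$1")
    bdc_sid=$(extract_sid < "$2")
    rc=0
    if [ -z "$pdc_sid" ] || [ -z "$bdc_sid" ]; then
        echo "could not parse a SID from the net getlocalsid output"; rc=1
    elif [ "$pdc_sid" != "$bdc_sid" ]; then
        echo "SID mismatch: PDC $pdc_sid, BDC $bdc_sid"; rc=1
    fi
    dm=$(smb_param "$3" "domain master")
    case "$dm" in
        no|false|off|0) ;;
        *) echo "BDC smb.conf: domain master = ${dm:-<unset>}, expected no"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample data: a BDC with a different SID and domain master = yes.
demo_dir=$(mktemp -d)
echo "SID for domain TEST-PDC is: S-1-5-21-1111111111-2222222222-3333333333" > "$demo_dir/pdc.sid"
echo "SID for domain TEST-BDC is: S-1-5-21-4444444444-5555555555-6666666666" > "$demo_dir/bdc.sid"
printf '[global]\n  workgroup = GSS\n  Domain Master = yes\n[netlogon]\n  path = /tmp\n' > "$demo_dir/bdc.conf"
check_bdc "$demo_dir/pdc.sid" "$demo_dir/bdc.sid" "$demo_dir/bdc.conf" || echo "BDC needs attention"
```

On real hosts, save the output of `net getlocalsid` from each machine to a file and pass those files together with the BDC's /etc/samba/smb.conf.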