[Samba] PDC/BDC problem - clients not authenticating against BDC

Tarcizo Azevedo tarcizo.asterisk at gmail.com
Fri Nov 24 11:48:01 GMT 2006


Adrian,
In your smb.conf on the BDC, is there domain master = no?


Adrian A. Sender wrote:
> Hello Ryan,
>
> As you are using PDC / BDC you are using LDAP, aren't you?
>
> You have not provided much information, so it's very hard to know where to even start.
>
> Assuming that users are being replicated to the BDC via LDAP slurpd, you may want to
> check the following;
>
> "net getlocalsid" on the PDC 
> Verify that this matches the BDC "net getlocalsid" .. 
> If not on the BDC "net setlocalsid S-1-5-21-x-y-z"
>
> Failing this remove your ldap database on the BDC (backup first)
>
> "slapcat -v -l transfer.ldif" on PDC
> Copy to BDC
>
> rm -rf /var/lib/ldap/*
> On BDC
>
> "slapadd -v -l transfer.ldif" on BDC
>
> All this is clearly explained in the documentation available on the samba web site.
>
> Let me know if this helps.
>
> Cheers,
>
> Adrian Sender
>
>
>
> From: "ryan punt" <rpunt at good-sam.com> 
> Subject: [Samba] PDC/BDC problem - clients not authenticating against BDC 
> Date: Tue, 21 Nov 2006 09:17:41 -0600 
> To: <samba at lists.samba.org> 
>  
>  
> Hey list, 
>
> I've got a problem with my PDC/BDC setup. They're both running 3.0.23c on Sarge, and 
> I've verified that both the PDC and BDC will authenticate users. 
>
> test-pdc:/etc/samba# testparm 
> Load smb config files from /etc/samba/smb.conf 
> Processing section "[netlogon]" 
> Loaded services file OK. 
> Server role: ROLE_DOMAIN_PDC 
>
> test-bdc:/var/log/samba# testparm 
> Load smb config files from /etc/samba/smb.conf 
> Processing section "[netlogon]" 
> Loaded services file OK. 
> Server role: ROLE_DOMAIN_BDC 
>
> My PDC is also my WINS server, and I've verified that XP clients on other subnets see 
> two "DOMAIN#1c" records. 
>
> The problem I'm having is this: When SMBD on the PDC stops, XP clients will no longer 
> authenticate; the specific error is "the system cannot log you on now because the 
> domain GSS is not available." NMBD is still running, and XP clients still see 2 "#1c" 
> records. 
>
> How can I ensure that XP clients will authenticate against the BDC if the PDC is 
> unavailable? 
>
> Thanks, 
> Ryan 
>
>
>   
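The two checks suggested in this thread (the same `net getlocalsid` value on PDC and BDC, and `domain master = no` on the BDC) can be scripted. The following is an added example, not part of the original messages: the function names, SIDs and smb.conf text are constructed, and the `net getlocalsid` output is assumed to have the form `SID for domain NAME is: S-1-5-21-...`.

```shell
#!/bin/sh
# Added example; every value below is constructed sample data, not the poster's.
PDC_OUT='SID for domain TEST-PDC is: S-1-5-21-1111111111-2222222222-3333333333'
BDC_OUT='SID for domain TEST-BDC is: S-1-5-21-4444444444-5555555555-6666666666'
BDC_CONF='[global]
   workgroup = GSS
   Domain Master = Yes
[netlogon]
   path = /srv/netlogon'
GOOD_CONF='[global]
   domain master = no'

# Pull the SID out of one line of `net getlocalsid` output.
extract_sid() {
    printf '%s\n' "$1" | sed -n 's/.*\(S-1-5-21-[0-9][0-9]*-[0-9][0-9]*-[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Print the value of a [global] parameter from smb.conf text on stdin.
# Samba ignores case and whitespace in parameter names, so normalise both.
global_param() {
    want=$(printf '%s' "$1" | tr -d ' \t' | tr 'A-Z' 'a-z')
    awk -v want="$want" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s); gsub(/[ \t]/, "", s); in_global = (tolower(s) == "global"); next }
        in_global {
            i = index($0, "="); if (i == 0) next
            k = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", k)
            v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == want) val = v
        }
        END { print val }'
}

# $1 = PDC getlocalsid output, $2 = BDC output, $3 = BDC smb.conf text.
check_bdc() {
    rc=0
    pdc_sid=$(extract_sid "$1"); bdc_sid=$(extract_sid "$2")
    if [ -z "$pdc_sid" ] || [ "$pdc_sid" != "$bdc_sid" ]; then
        echo "SID mismatch: PDC=$pdc_sid BDC=$bdc_sid"; rc=1
    fi
    dm=$(printf '%s\n' "$3" | global_param "domain master" | tr 'A-Z' 'a-z')
    case "$dm" in
        no|false|0) ;;
        *) echo "BDC: domain master is '${dm:-unset}', expected no"; rc=1 ;;
    esac
    return $rc
}

check_bdc "$PDC_OUT" "$BDC_OUT" "$BDC_CONF" || echo "BDC needs attention"
```

On live systems the three arguments would be the output of `net getlocalsid` on each server and the contents of the BDC's `/etc/samba/smb.conf`.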


