[Samba] BDC problems
Jason Baker
jbaker at glastender.com
Mon Apr 16 17:37:08 GMT 2007
I have had a samba PDC up and running for about a month now with no
issues. This weekend I added a BDC, and it seems that all my clients are
now logging into the BDC automatically instead of the PDC. I had to
mount the homes from the PDC to the BDC so that users can have access to
their home directories and set the path to the profiles directory on the
BDC to that of the PDC. I also had to copy all my login scripts from the
PDC to the BDC so that they will run when users log in. Everything seems
to be working okay now that everything is pointing to the correct
directories, but it seems like things are backward from what they should
be. If I log in to the domain, my home directory (mapped to drive U: in
Windows XP) now shows up as the Backup Domain Controller instead of
the PDC. Should the BDC only be used as a failsafe, when the PDC isn't
available? I have included my conf files for both PDC and BDC.
Samba version 3.0.23d-30 with LDAP backend.
PDC smb.conf
[global]
# Server-wide settings for the primary domain controller (netbios name aster):
# domain master, WINS server and domain logons are all enabled below, and
# accounts are stored in LDAP through the ldapsam backend.
unix charset = LOCALE
workgroup = glastendernet
netbios name = aster
# %v expands to the Samba version, so the version is advertised to clients.
server string = Glastender Domain Controller running %v
# Listen on eth1 and loopback only.
interfaces = eth1, lo
bind interfaces only = yes
os level = 255
preferred master = yes
local master = yes
domain master = yes
security = user
time server = yes
username map = /etc/samba/smbusers
wins support = yes
encrypt passwords = yes
pam password change = yes
name resolve order = wins bcast hosts
winbind nested groups = no
# Two LDAP servers are listed: the local one first, then the host aspen.
passdb backend = ldapsam:"ldap://127.0.0.1 ldap://aspen"
ldap passwd sync = Yes
ldap suffix = dc=glastender,dc=com
# NOTE(review): cn=Manager looks like the directory's root DN - confirm.
# Samba keeps this DN's bind password on the host (secrets.tdb), so a
# dedicated account limited by directory ACLs to the Samba subtrees would
# reduce what a compromise of this server exposes.
ldap admin dn = cn=Manager,dc=glastender,dc=com
# NOTE(review): with ldap ssl = no the LDAP connections are unencrypted.
# ldap://aspen above is not loopback, so account attributes (including the
# password hashes ldapsam stores) cross the network in cleartext whenever
# that server is used. Consider StartTLS or ldaps:// once the directory
# servers have certificates.
ldap ssl = no
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap machine suffix = ou=People
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://127.0.0.1/
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = yes
# Account-management hooks: smbd substitutes %u / %g and runs the
# smbldap-tools helpers. The delete hooks are left commented out.
# NOTE(review): confirm the helper scripts and their configuration are
# writable by root only, since smbd executes them.
add user script = /etc/smbldap-tools/smbldap-useradd -m "%u"
#delete user script = /etc/smbldap-tools/smbldap-userdel "%u"
add machine script = /etc/smbldap-tools/smbldap-useradd -w "%u"
add group script = /etc/smbldap-tools/smbldap-groupadd -p "%g"
#delete group script = /etc/smbldap-tools/smbldap-groupdel "%g"
add user to group script = /etc/smbldap-tools/smbldap-groupmod -m "%u" "%g"
delete user from group script = /etc/smbldap-tools/smbldap-groupmod -x "%u" "%g"
set primary group script = /etc/smbldap-tools/smbldap-usermod -g "%g" "%u"
domain logons = yes
# One log file per client machine name (%m).
log file = /var/log/samba/log.%m
log level = 1
syslog = 0
max log size = 50
# Only the NetBIOS session port is served; the 139 445 variant is disabled.
#smb ports = 139 445
smb ports = 139
# Clients are limited to loopback and 172.16.0.0/16.
hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0
# User profiles and home directories
logon drive = U:
# %L is the name of the server the client connected to, so the profile path
# handed to a client follows whichever server handled the logon.
logon path = \\%L\profiles\%U
logon script = %U.bat
large readwrite = no
read raw = no
write raw = no
printcap name = /etc/printcap
load printers = no
printing =
template shell = /bin/false
winbind use default domain = no
#=========Shares=======
[homes]
# Per-user home directory share on the PDC: hidden from browse lists and
# writable, with new files and directories created owner-only (0600 / 0700).
# NOTE(review): no valid users line is present, so whether one user can open
# another user's home through \\server\<name> rests on filesystem
# permissions - confirm the home directories themselves are mode 0700.
comment = Home Directories
browseable = no
read only = no
write list = %U
create mask = 0600
directory mask = 0700
# File operations are performed as the session user name (%U).
force user = %U
[profiles]
# Roaming-profile store on the PDC; the global logon path points clients at
# \\<server>\profiles\<user>.
# NOTE(review): unlike [homes], no create mask / directory mask is set here.
# Confirm that each user's profile directory is not readable by other
# users, since profiles can hold cached credentials and private files.
comment = Profile Share
path = /var/lib/samba/profiles
writeable = yes
browseable = no
profile acls = yes
[netlogon]
# Logon-script share on the PDC (the global logon script is %U.bat).
# guest ok = yes lets unauthenticated clients connect, so scripts placed
# here should not contain passwords or other secrets. No write-enabling
# option is set in this section.
path = /var/lib/samba/netlogon
guest ok = yes
locking = no
BDC smb.conf
[global]
# Server-wide settings for the backup domain controller: domain logons are
# served (domain logons = yes) but this host is not the domain master.
# NOTE(review): the PDC file restricts listeners (interfaces, bind interfaces
# only) and clients (hosts allow); none of those appear here, so this
# server accepts connections on every interface unless filtered elsewhere.
unix charset = LOCALE
workgroup = GLASTENDERNET
socket options = TCP_NODELAY IPTOS_LOWDELAY
server string = Backup Domain Controller
# Local LDAP server first, then aster.glastender.com.
# NOTE(review): no ldap ssl line appears in this file, so the version's
# default applies. The second URI is a remote host; confirm the effective
# setting encrypts that connection, because ldapsam reads password hashes
# over it.
passdb backend = ldapsam:"ldap://127.0.0.1 ldap://aster.glastender.com"
username map = /etc/samba/smbusers
domain master = no
domain logons = yes
os level = 35
log level = 1
syslog = 0
# One log file per client machine name (%m).
log file = /var/log/samba/%m.log
max log size = 50
smb ports = 139
name resolve order = wins bcast hosts
logon drive = U:
# Profile path is pinned to the host aster rather than using %L.
logon path = \\aster\profiles\%U
logon script = %U.bat
wins server = 172.16.24.7
ldap suffix = dc=glastender,dc=com
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
# NOTE(review): cn=Manager looks like the directory's root DN - confirm.
# Its bind password is stored on this host as well, so a dedicated,
# ACL-limited account would narrow the exposure if this server is
# compromised.
ldap admin dn = cn=Manager,dc=glastender,dc=com
# NOTE(review): the PDC file writes this as ldap:ldap://host/ ; this value
# has no separate backend prefix - verify it is parsed as intended.
idmap backend = ldap://aster.glastender.com
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind trusted domains only = yes
# Same address as wins server above; presumably the PDC - confirm.
password server = 172.16.24.7
winbind use default domain = no
veto oplock files = /*.mdb/
utmp = yes
#################SHARES#######################
[homes]
# Per-user home directory share on the BDC, with the same values as the
# PDC's [homes] section. The author states that the PDC's home directories
# are mounted on this host.
# NOTE(review): no valid users line is present, so isolation between users
# rests on filesystem permissions, as enforced through that mount -
# confirm they are owner-only.
comment = Home Directories
browseable = no
read only = no
write list = %U
create mask = 0600
directory mask = 0700
# File operations are performed as the session user name (%U).
force user = %U
[profiles]
# Roaming-profile share on the BDC.
# NOTE(review): a share's path names a directory on this server's own
# filesystem, but the value below is a UNC name for the host aster. Verify
# what smbd actually serves for this share and which permissions apply.
comment = Profile Share
path = \\aster\profiles
writeable = yes
browseable = no
profile acls = yes
[netlogon]
# Logon-script share on the BDC. The author states the scripts were copied
# here from the PDC.
# NOTE(review): the path below is a UNC name, not a local directory -
# verify where the copied scripts live and that this share resolves to
# them.
# guest ok = yes lets unauthenticated clients connect, so the scripts
# should not contain passwords or other secrets.
path = \\aster\netlogon
guest ok = yes
locking = no
--
*Jason Baker
*/IT Coordinator/
*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h---
r+++ y+++
------END GEEK CODE BLOCK------