[Samba] Backup Domain not working
adrian sender
adrian_au1 at hotmail.com
Sat Jun 2 10:56:48 GMT 2007
Hi Jason,
The problem is here:

logon path = \\%L\profiles\%U

With the %L it is referring to your local machine, therefore all your accounts
in LDAP are mapping profiles to local host. When the BDC serves a login it
tries to map the profile to local host.

You will need to change this to a machine name or, better, export your home
and profiles from the PDC to the BDC through NFS.

So logon path = \\machine.domain.com\profiles\%U

If you choose not to export your profile and home to the BDC, you will need
to manually alter the login path for all the user accounts that are stored in
LDAP; use pdbedit or whatever you normally use to manipulate user accounts to
achieve this.

Hope this helps.
Cheers,
Adrian Sender
>From: Jason Baker <jbaker at glastender.com>
>To: samba at lists.samba.org
>Subject: [Samba] Backup Domain not working
>Date: Thu, 31 May 2007 08:46:42 -0400
>I recently set up a backup domain controller using Samba 3.0.23. I have a
>Samba PDC already running, and all is working fine, but once I added the
>BDC, now when people log in to their windows account, their home directory
>is now being mapped to their home on the BDC (which is empty) instead of
>the PDC. Conf files from each below:
>
>PDC Samba Conf:
>[global]
> unix charset = LOCALE
> workgroup = mydomain
> netbios name = PDC
> server string = Domain Controller running %v
> interfaces = eth1, lo
> bind interfaces only = yes
> os level = 255
> preferred master = yes
> local master = yes
> domain master = yes
> security = user
> time server = yes
> username map = /etc/samba/smbusers
> wins support = yes
> encrypt passwords = yes
> pam password change = yes
> name resolve order = wins bcast hosts
> winbind nested groups = no
> passdb backend = ldapsam:"ldap://127.0.0.1 ldap://BDC"
> ldap passwd sync = Yes
> ldap suffix = dc=mydomain,dc=com
> ldap admin dn = cn=Manager,dc=mydomain,dc=com
> ldap ssl = no
> ldap group suffix = ou=Groups
> ldap user suffix = ou=People
> ldap machine suffix = ou=People
> ldap idmap suffix = ou=Idmap
> idmap backend = ldap:ldap://127.0.0.1/
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> map acl inherit = yes
> add user script = /etc/smbldap-tools/smbldap-useradd -m "%u"
> #delete user script = /etc/smbldap-tools/smbldap-userdel "%u"
> add machine script = /etc/smbldap-tools/smbldap-useradd -w "%u"
> add group script = /etc/smbldap-tools/smbldap-groupadd -p "%g"
> #delete group script = /etc/smbldap-tools/smbldap-groupdel "%g"
> add user to group script = /etc/smbldap-tools/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /etc/smbldap-tools/smbldap-groupmod -x "%u" "%g"
> set primary group script = /etc/smbldap-tools/smbldap-usermod -g "%g" "%u"
> domain logons = yes
> log file = /var/log/samba/log.%m
> log level = 1
> syslog = 0
> max log size = 50
> #smb ports = 139 445
> smb ports = 139
> hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0
> # User profiles and home directories
> logon drive = U:
> logon path = \\%L\profiles\%U
> logon script = %U.bat
> large readwrite = no
> read raw = no
> write raw = no
> printcap name = /etc/printcap
> load printers = no
> printing =
> template shell = /bin/false
> winbind use default domain = no
>
>BDC Samba Conf.
>[global]
> unix charset = LOCALE
> workgroup = mydomain
> server string = Backup Domain Controller
> security = domain
> username map = /etc/samba/smbusers
> log level = 1
> syslog = 0
> log file = /var/log/samba/%m.log
> max log size = 50
> smb ports = 139
> name resolve order = wins bcast hosts
> wins server = 172.16.24.7
> ldap suffix = dc=mydomain,dc=com
> ldap machine suffix = ou=People
> ldap user suffix = ou=People
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=Idmap
> ldap admin dn = cn=Manager,dc=mydomain,dc=com
> idmap backend = ldap:ldap://PDC
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind trusted domains only = yes
> password server = 172.16.24.7
> template shell = /bin/false
> domain master = no
> local master = no
> os level = 0
> preferred master = no
> winbind use default domain = no
> veto oplock files = /*.mbd/
> large readwrite = no
> read raw = no
> write raw = no
> printcap name = /etc/printcap
> load printers = no
> printing =
>*Jason Baker
>*/IT Coordinator/
>
>
>*Glastender Inc.*
>5400 North Michigan Road
>Saginaw, Michigan 48604 USA
>800.748.0423
>Phone: 989.752.4275 ext. 228
>Fax: 989.752.4444
>www.glastender.com <http://www.glastender.com>
>
>-----BEGIN GEEK CODE BLOCK-----
>Version: 3.1
>GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
>w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h---
>r+++ y+++
>------END GEEK CODE BLOCK------
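
The %L behaviour discussed in this thread, as an added example that is not part of either message or of Samba itself: a small check that reads the [global] section of an smb.conf and reports logon paths that resolve to a different server depending on which domain controller answers. The sample config is constructed from the quoted PDC settings; the function names, the DC names passed in and the user name jbaker are assumptions made for the illustration, and the check assumes the same setting is evaluated on each DC.

```python
import re

# Constructed sample: the logon settings from the PDC smb.conf quoted above.
SAMPLE_CONF = r"""
[global]
    netbios name = PDC
    logon drive = U:
    logon path = \\%L\profiles\%U
    logon script = %U.bat
"""

SERVER_MACRO = "%L"  # expands to the NetBIOS name of the server answering
LOGON_PARAMS = ("logon path", "logon home")

def parse_global(conf_text):
    """Return the [global] parameters as {name: value}, names lowercased."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[" ".join(name.lower().split())] = value.strip()
    return params

def expand(value, server, user):
    """Expand only %L and %U; any other macro is left untouched."""
    return value.replace(SERVER_MACRO, server).replace("%U", user)

def audit(conf_text, dc_names, user):
    """List logon parameters whose UNC path depends on which DC answers."""
    params = parse_global(conf_text)
    findings = []
    for name in LOGON_PARAMS:
        value = params.get(name)
        if value and SERVER_MACRO in value:
            per_dc = {dc: expand(value, dc, user) for dc in dc_names}
            findings.append((name, per_dc))
    return findings

if __name__ == "__main__":
    for name, per_dc in audit(SAMPLE_CONF, ["PDC", "BDC"], "jbaker"):
        print(name, per_dc)
```

A config that names a fixed server in logon path produces no findings, because every DC then hands out the same UNC path.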