[Samba] BDC keeps taking over and not allowing logins from NT PDC

Pat Riehecky prieheck at iwu.edu
Fri May 11 16:29:25 GMT 2007

Hello, thanks for looking over my ramblings...

We have an NT4 PDC with an NT4 BDC on 192.168.132.X; these boxes are
very very old and overloaded.  I am trying to replace them with a nice
shiny new Samba box.  My problem is that while I am trying to test it
out to make sure it plays nice, it keeps winning the elections.

I find this weird as I have set the box to domain master = no and turned
the os level and announce values to really low values.

When it does win, no one can log in to the domain (and therefore their
workstations) and I have to stop samba to get users back logging in and
able to work.

I joined it to the domain via:
net rpc join -S [NT netbios name or IP] -UAdministrator%password

I got BDC rights and ran:
# net rpc vampire -S [NT netbios name or IP] -W [domainname]

About the time that users reported login problems I got lots of copies of
[2007/05/11 08:01:14, 0] lib/util_sock.c:get_peer_addr(1225)
  getpeername failed. Error was Transport endpoint is not connected
in /var/log/log.smbd

To add further complexity the samba box is on a 10. address while the
PDC and BDC are on 192.168. addresses.  Is this a problem?

Any ideas why it is winning the election or why users cannot log in to
their systems?  Is my switch to a different address space a problem?


-- data snippets --

# ping
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=127 time=0.282 ms
64 bytes from icmp_seq=2 ttl=127 time=0.228 ms
64 bytes from icmp_seq=3 ttl=127 time=0.240 ms

--- ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.228/0.250/0.282/0.023 ms

# pdbedit -Lv prieheck
Unix username:        prieheck
NT username:          prieheck
Account Flags:        [UX         ]
User SID:             S-1-5-21-769903590-661906358-2446119016-1958
Primary Group SID:    S-1-5-21-769903590-661906358-2446119016-513
Full Name:            Pat Riehecky
Home Directory:       \\files\prieheck
HomeDir Drive:        
Logon Script:         
Profile Path:         \\files\prieheck\profile
Domain:               IWUADMIN
Account desc:         
Munged dial:          
Logon time:           0
Logoff time:          Mon, 18 Jan 2038 21:14:07 CST
Kickoff time:         Mon, 18 Jan 2038 21:14:07 CST
Password last set:    Fri, 30 Mar 2007 09:00:41 CDT
Password can change:  0
Password must change: Mon, 18 Jan 2038 21:14:07 CST
Last bad password   : 0
Bad password count  : 0

# testparm
        display charset = UTF8
        workgroup = IWUADMIN
        server string = %h server (Samba, Ubuntu)
        announce version = 2.0
        announce as = win95
        os level = 0
        obey pam restrictions = Yes
        passdb backend = tdbsam
        algorithmic rid base = 10000
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
        username map = /etc/samba/users.map
        restrict anonymous = 2
        lanman auth = No
        client NTLMv2 auth = Yes
        client lanman auth = No
        client plaintext auth = No
        log level = 1
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        min protocol = NT1
        max mux = 100
        change notify timeout = 300
        deadtime = 900
        max disk size = 5240
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        load printers = No
        add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
        delete user script = /usr/sbin/userdel -r '%u'
        add group script = /usr/sbin/groupadd '%g'
        delete group script = /usr/sbin/groupdel '%g'
        add user to group script = /usr/sbin/usermod -G '%g' '%u'
        add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u'
        lm announce = No
        preferred master = No
        domain master = No
        wins server =
        panic action = /usr/share/samba/panic-action %d
        invalid users = backup, bin, daemon, dhcp, games, gnats, irc, klog, list, lp, mail, man, news, nobody, postfix, proxy, sync, sys, syslog, uucp, www-data, root
        hosts allow = 192.168.132., 10., 172.16.1.,
        remote announce =

        comment = Home Directories
        valid users = %S
        browseable = No

        comment = Network Logon Service
        path = /home/samba/netlogon
        guest ok = Yes
        share modes = No

        path = /tmp
        read only = No
        create mask = 0775
        directory mask = 0775
        strict allocate = Yes
        preserve case = No
        hide special files = Yes
        hide unreadable = Yes
        hide unwriteable files = Yes
        browseable = No
        fstype = FAT
        wide links = No

        copy = template
        path = /home/prieheck
        comment = just a test of group stuff
        valid users = @it
        force group = it

# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:1A:4B:0A:57:12  
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::21a:4bff:fe0a:5712/64 Scope:Link
          RX packets:305547 errors:0 dropped:0 overruns:0 frame:0
          TX packets:294673 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:74791511 (71.3 MiB)  TX bytes:142754073 (136.1 MiB)

# cat /etc/issue
Ubuntu 6.10 \n \l

# uname -a
Linux files 2.6.17-11-server #2 SMP Tue Mar 13 23:33:44 UTC 2007 i686

# dpkg -l |grep samba
ii  libcrypt-smbhash-perl        0.12-1
ii  samba                        3.0.22-1ubuntu4.1
ii  samba-common                 3.0.22-1ubuntu4.1

