[Samba] security = domain -- samba adds its netbios name as samba domain to LDAP

Michal Dobroczynski michal.dobroczynski at gmail.com
Fri Oct 5 20:15:02 GMT 2007

On 05/10/2007, Volker Lendecke <Volker.Lendecke at sernet.de> wrote:
> On Fri, Oct 05, 2007 at 07:15:44PM +0200, Michal Dobroczynski wrote:
> >
> > I experienced exactly the same behaviour. I expected my BDC stations
> > to reuse the 'workgroup' attribute, but the effect was exactly like
> > Christian wrote.
> > What do you mean by "works as designed"? Can we just use it that way,
> > where each BDC has a domain on its own?
> Ok. I think I understood something wrong. I thought the
> logfile was from a member server, not from a BDC. If a BDC
> creates its own name as a sambaDomain object in LDAP, then
> there's a misconfiguration or a bug. A BDC does not have a
> local SAM, only member servers do.

Well - what I have discovered is that setting

domain logons = Yes
domain master = No

seems to solve the problem.

When configured in such a way the BDC controller searches for the
proper domain and does not try to create a new one.
I think this is the way a BDC should be configured - but of course I'd
be glad to hear some comments from people that use similar structure
(description just below).

The main idea about my setup is: one samba PDC and then lots of BDCs
which act as file servers (well, maybe BDC is a too strong word for
that - I just don't want to ask people again for the same
username/password). This way I can nicely distribute the bandwith
among people (because once they login onto a windows workstation their
home drive is mounted automatically - and they don't care if it comes
from file server A or D, at least as long as it works :). Of course
everything is powered by OpenLDAP (BDC get read-only access to


> Sorry for the confusion,
> Volker

More information about the samba mailing list