[Samba] PDC and WINS windows server 2003

Egon Pavlica egon.pavlica at p-ng.si
Sat Dec 13 11:10:59 GMT 2008


i try to use windows wins with samba pdc, but i face the following

When PDC samba start, nmbd is broadcasting a request for domain master 
browser (domain is TEST). I see this in nmbd log file:
"become_domain_master_browser_wins: querying WINS server from IP
              for domain master browser name TEST<1b> on workgroup TEST"
but it fails and reports:
     become_domain_master_query_fail: Error 0 returned when querying WINS
     server for name TEST<1b>."
with a wireshark, on windows server 2003, i see that the samba PDC is 
broadcasting for TEST<1b>, therefore WINS on windows server does not 

With my limited knowledge, i think, that nmbd should not broadcast for a 
domain master browser, but he should ask directly WINS server. And then 
the WINS server should tell him, that he is the master browser. And then 
nmbd should update browse list from WINS server. But in this case,
how does the WINS server know, who is the domain master browser?

I thanks anybody who will help!

Best regards,
      Egon pavlica

p.s. samba version 3.0.32, hostnames in smb.conf are changed

netbios name = master
workgroup = TEST
server string = master(PDC)
hosts allow =
interfaces = lo eth1 eth2
bind interfaces only = yes
hide unreadable = yes
hide dot files = yes
host msdfs = yes

domain logons = yes
logon script = login.bat OR %U.bat
logon path = \\%L\profiles\%U
logon drive = Y:
logon home = \\%L\%U\.9xprofile

wins support = no
domain master = yes
local master = yes
preferred master = yes
os level = 150
name resolve order = wins bcast host
wins server =
time server = yes
log file = /var/log/samba/log.%m
max log size = 50
log level = 1
syslog = 0
unix charset = UTF-8
dos charset = CP1250
guest account = nobody
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
default case = lower
preserve case = yes
short preserve case = yes
case sensitive = no
directory mask = 0775
create mask = 0664
inherit acls = yes
dos filemode = yes
username map = /etc/samba/smbusers
security = user
encrypt passwords = yes
enable privileges = yes
null passwords = no
obey pam restrictions = no
ldap passwd sync = Yes

passdb backend = ldapsam:"ldap://<masterldapserver> ldap://<slaveldapserver"
ldap admin dn = cn=samba,ou=DSA,dc=TEST
ldap suffix = dc=TEST
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
idmap backend = ldap:"ldap://<masterldapserver> ldap://<slaveldapserver>"
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind trusted domains only = yes
map acl inherit = Yes
ldap ssl = start_tls
ldap delete dn = Yes

add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel -r "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"

#to disable printers
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes


path = /var/lib/samba/netlogon
guest ok = no
read only = yes
browseable = no
write list = root
path = /var/lib/samba/profiles
browseable = no
writeable = yes
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
create mask = 0600
directory mask = 0700
csc policy = disable
profile acls = yes
force user = %U
valid users = %U @"Domain Admins"
path = /home/%U
browseable = no
valid users = %S
read only = no
guest ok = no
msdfs root = yes

More information about the samba mailing list