[Samba] Authentication requests being handled by PDC not local BDC
David M Noriega
davidmnoriega at gmail.com
Wed Jul 8 15:53:09 GMT 2009
I have a PDC+LDAP as well as a BDC+LDAP in another subnet, set up with a
domain member in the same subnet as the BDC. From my understanding, the
domain member should be hitting the BDC for all authentication, but
watching the logs I see the PDC is the one handling it all. The BDC
just sits there. Am I missing something?

Here are the smb.conf files for each server:

PDC:
[global]
workgroup = X.X.X
netbios name = Ross
server string = PDC %v
map to guest = Bad User
encrypt passwords = yes
passdb backend = ldapsam:ldap://ldap1.x.x.x
enable privileges = yes
log level = 2
syslog = 0
time server = Yes
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=32768 SO_SNDBUF=32768
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-group-del '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'
logon path = \\%L\profiles\%U
logon script = netlogin.bat
# logon drive = M:
# logon home = \\cajal.x.x.x\%U
domain logons = Yes
os level = 225
domain master = Yes
local master = Yes
wins support = Yes
# remote announce = x.x.x.255/X.X.X #bishop subnet
ldap admin dn = cn=samba,ou=DSA,dc=x,dc=x,dc=x
ldap group suffix = ou=group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=machines
ldap passwd sync = Yes
ldap suffix = dc=x,dc=x,dc=x
ldap ssl = start tls
ldap user suffix = ou=people
create mask = 0640
directory mask = 0750
case sensitive = No
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
interfaces = eth0 lo
bind interfaces only = yes
hosts deny = ALL
hosts allow = xxx.xxx.0.0/255.255.0.0

BDC:
[Global]
workgroup = X.X.X
netbios name = BISHOP
server string = BDC %v
interfaces = eth0 lo
bind interfaces only = yes
hosts deny = ALL
hosts allow = xxx.xxx.0.0/255.255.0.0
passdb backend = ldapsam:ldap://ldap2.x.x.x
domain master = no
domain logons = yes
ldap suffix = dc=x,dc=x,dc=x
ldap user suffix = ou=people
ldap group suffix = ou=group
ldap machine suffix = ou=machines
ldap admin dn = cn=manager,dc=x,dc=x,dc=x
encrypt passwords = yes
enable privileges = yes
log level = 3
syslog = 0
domain master = no
wins server = ross.x.x.x
wins proxy = yes
remote announce = xxx.xxx.xxx.255/X.X.X #Ross subnet
remote browse sync = xxx.xxx.xxx.xxx #ross ip
ntlm auth = yes
lanman auth = yes
ldap ssl = start tls
local master = yes
os level = 65
preferred master = yes

Domain Member:
[Global]
workgroup = X.X.X
server string = CAJAL %v
security = domain
password server = *
lanman auth = Yes
encrypt passwords = yes
enable privileges = yes
loglevel = 2
syslog = 0
deadtime = 5
os level = 8
local master = No
domain master = No
remote announce = xxx.xxx.xxx.255/X.X.XXX
interfaces = ce0 lo0
bind interfaces only = yes
hosts allow = xxx.xxx.0.0/255.255.0.0
hosts deny = ALL
--
Personally, I liked the university. They gave us money and facilities,
we didn't have to produce anything! You've never been out of college!
You don't know what it's like out there! I've worked in the private
sector. They expect results. -Ray Ghostbusters