[Samba] PDC / BDC in a Samba Domain Controller.

Juan Pablo Michelino jpmichelino at jfsecco.com.ar
Thu Mar 26 14:15:34 GMT 2009

I am making a Domain Controller with Samba (v3.0.33) and LDAP (v2.4).
I will install a PDC at the headquarters and a BDC at the subsidiary of 
the company where I work.
The PDC and the BDC will each have their own LDAP database.
I have just installed the PDC without problems and my next step is to install 
the BDC.
I configured LDAP to work in multi-master mode. I ran some tests 
and LDAP works well.
I need to know if the BDC can write to its local database.
On the other hand: can the BDC act as a PDC when the connection between both 
servers is broken? I need the users who work at the subsidiary 
to be able to log in and make changes to their profiles (e.g. change their password 
and so on) even when the connection with the headquarters is lost.
Below I copy the BDC's smb.conf.
Can anyone help me? Thanks.

# --------------------------------------------------------------------
    admin users = manager @"Domain Admins" @administradores
    ntlm auth = yes
    netbios name = PDC_Rosario
    workgroup = SECCO
    lanman auth = no
    winbind trusted domains only = yes
    encrypt passwords = yes
    winbind use default domain = yes
    server string = BDC
    domain logons = yes

# ----------------------- Network Related Options -----------------        

    hosts allow = localhost

# --------------------------- Logging Options ---------------------

      max log size = 500
      log file = /var/log/samba/%m.log

# ----------------------------- LDAP Options ----------------------

        ldap passwd sync = yes
        ldap admin dn = cn=manager,dc=secco,dc=com,dc=ar
        ldap user suffix = ou=People
        ldap group suffix = ou=Groups
        ldap machine suffix = ou=Computers
        ldap suffix = dc=secco,dc=com,dc=ar
# ----------------------- Standalone Server Options ---------------

    security = user
    passdb backend = ldapsam:ldap://

# ----------------------- Domain Members Options -------------------  
# ----------------------- Domain Controller Options ---------------

      logon script = login.bat
      add machine script = /usr/sbin/smbldap-useradd -w "%u"
      delete user script = /usr/sbin/smbldap-userdel "%u"
      add group script = /usr/sbin/smbldap-groupadd -p "%g"
      add user script = /usr/sbin/smbldap-useradd -m "%u"

# ----------------------- Browser Control Options -----------------

       local master = yes
       os level = 65
       domain master = no
       preferred master = yes

#----------------------------- Name Resolution --------------------

       wins support = yes
       name resolve order = wins lmhosts bcast

# --------------------------- Printing Options --------------------

# --------------------------- Filesystem Options ------------------

#====================== Share Definitions =========================


        comment = Home Directories
        browseable = no
        writable = no
        root preexec = /etc/samba/mk_sambadir "/home/%u" "%u" "%g"
        write list = %S manager
        valid users = SECCO\%S SECCO\manager
        inherit permissions = yes
        force user = %S
        force group = @administradores
        directory mask = 0700
        create mask = 0700

        comment = Network Logon Service
        browseable = yes
        path = /home/netlogon
        guest ok = yes
        writable = no
        valid users = SECCO\manager %U
        write list = llattan

        comment = Carpeta del grupo Sistemas
        path = /home2/sistemas
        valid users = @shares @administradores
        browseable = yes
        writable  = no
        write list = @shares_w @administradores
        inherit permissions = yes
        force user = %U
        force group = share

# --------------------------------------------------------------------

Juan Pablo Michelino
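
An added example, not part of the original post: a small Python check of the BDC-relevant `[global]` settings from the configuration above. The `[global]` header, the function names and the rule set (`domain logons = yes` and `domain master = no` on a BDC, an `ldapsam` backend, TLS when the directory is remote, a single LDAP URL) are assumptions of this example.

```python
import re
from urllib.parse import urlparse
# Constructed sample: a few of the posted settings under an assumed [global] header.
SAMPLE = """[global]
    domain logons = yes
    domain master = no
    ntlm auth = yes
    passdb backend = ldapsam:ldap://
"""

def parse_global(text):
    """Return [global] parameters, names lower-cased with whitespace removed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip()
    return params

def flag(params, name):
    """True/False for an explicitly set boolean parameter, None if unset."""
    value = params.get(name, "").lower()
    return True if value in ("yes", "true", "1") else False if value in ("no", "false", "0") else None

def audit_bdc(params):
    """Return (level, message) findings for a BDC's [global] section."""
    out = []
    if flag(params, "domainlogons") is not True:
        out.append(("error", "domain logons must be yes on a domain controller"))
    if flag(params, "domainmaster") is not False:
        out.append(("error", "domain master must be set to no on a BDC"))
    backend = params.get("passdbbackend", "")
    if not backend.startswith("ldapsam:"):
        out.append(("error", "passdb backend is not ldapsam"))
    else:
        # Assumption: an empty host in the URL means the local LDAP server.
        host = urlparse(backend[len("ldapsam:"):].strip('"')).hostname or ""
        tls = (backend.startswith("ldapsam:ldaps://")
               or params.get("ldapssl", "").lower() in ("start tls", "start_tls", "on"))
        if host not in ("", "localhost", "127.0.0.1", "::1"):
            out.append(("warn", f"logons depend on remote LDAP server {host}"))
            if not tls:
                out.append(("warn", "remote LDAP traffic is not protected by TLS"))
    for name, label in (("lanmanauth", "LANMAN"), ("ntlmauth", "NTLMv1")):
        if flag(params, name):
            out.append(("warn", f"{label} responses are accepted"))
    return out
```

Calling `audit_bdc(parse_global(SAMPLE))` returns the findings as `(level, message)` pairs; a BDC that should keep serving logons while the link is down should show no "remote LDAP server" warning.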
