[Samba] PDC/BDC Problem

Florian Götz f.goetz at hs-mannheim.de
Tue May 26 15:47:40 GMT 2009

Hi all,

I'm rather new to samba and trying to deploy a PDC/BDC Setup for our company.
Got some books and the manpages here to help me :)
The config-files are attached at the end of this mail. Used Samba is 3.2.7-11.6 
on a SLES11 system.

The PDC is running as ROLE_DOMAIN_PDC says testparm, the BDC as 
Both DCs use a LDAP (OpenLDAP 2.4.12-7) for user authentication.

The LDAP system is also setup redundant, both sambas are using the primary 
one. On both samba systems the smb and nmb daemons are running.

Question One: If I use the "nmblookup" TESTRZ command I get a response from 
the BDC System. Shouldn´t the PDC be the one answering?

Question Two: If I connect the a share with my Ubuntu workstation I get a 
connection without a problem. If I go to a Windows XP machine and open the 
network, I can see the domain with the PDC and BDC inside. But only the BDC 
can be accessed. If I try to open the PDC I get an error message about not 
enough rights to access this resource.

I used old config files from our running samba system and tried to modify them 
for a PDC/BDC setup. There might be some options in it which are outdated 

Best regards and thanks a lot for the help,
Florian Götz

smb.conf (PDC)

        # General Server Settings
        # -------------------------------------------------------------
        #include = /etc/samba/dhcp.conf
        workgroup = TESTRZ
        server string = RZ Test Samba 143
        interfaces = x.x.x.143/
        guest account = nobody
        netbios name = PDC-TEST
        os level = 25
        preferred master = Yes
        wins support = Yes
        preserve case = yes
        short preserve case = yes
        case sensitive = no
        nt acl support = no
        deadtime = 10
        time server = yes
        dont descend = /proc,/dev/etc/lib/lost+found,initrd
        Dos charset = 850
        Unix charset = UTF8
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        domain logons = Yes
        domain master = Yes
	# Logon options
        # --------------------------------------------------------------
        map to guest = Bad User
        logon path = \\%L\profiles
        logon home = G:
        logon drive = G:

        #usershare allow guests = Yes
        username map = /etc/samba/smbusers
        security = user
        encrypt passwords = yes
        mangling method = hash2
        unix password sync = yes
        passwd program = /etc/smbldap-tools/smbldap-passwd -u %u
        passwd chat = "Changing password for*\nNew password*" %n\n "*Retype
 	new passw$
        enable privileges = yes

	# LDAP Stuff
        passdb backend = ldapsam:"ldap://"
        idmap backend = ldap:ldap://
        ldap admin dn = cn=admin,dc=example,dc=de
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap machine suffix = ou=Computers
        ldap passwd sync = Yes
        ldap suffix = dc=example,dc=de
        ldap user suffix = ou=Users

        add user script = /etc/smbldap-tools/smbldap-useradd -m "%u"
        delete user script = /etc/smbldap-tools/smbldap-userdel "%u"
        add machine script = /etc/smbldap-tools/smbldap-useradd -t 0 -w "%u"
        add group script = /etc/smbldap-tools/smbldap-groupadd -p "%g"
        delete group script = /etc/smbldap-tools/smbldap-groupdel "%g"
        add user to group script = /etc/smbldap-tools/smbldap-groupmod 
        delete user from group script = /etc/smbldap-tools/smbldap-groupmod -x 
"%u" "$
        set primary group script = /etc/smbldap-tools/smbldap-usermod -g '%g' 

        add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody 
-s /bin$

<some shares here>

smb.conf (BDC):
same as above, only these columns are different:

domain master =no
netbios name = BDC-TEST

Dipl.-Inf. (FH) Florian Götz
Rechenzentrum Hochschule Mannheim
Paul-Wittsack-Straße 10	
68163 Mannheim
Tel: 0621/292-6569       

EMail: 	f.goetz at hs-mannheim.de
Internet: 	http://www.rz.hs-mannheim.de


More information about the samba mailing list