[Samba] DC priority, BDC prob with domain groups

Gaiseric Vandal gaiseric.vandal at gmail.com
Fri Nov 13 10:47:57 MST 2009

I have the following setup:
     PDC:  Samba 3.0.37 on Solaris 10
     BDC1: Samba 3.0.37 on Solaris 10
     BDC2: Samba 3.4.3 on Solaris 10

Samba 3.0.37 is the bundled version of Samba.
Samba 3.4.3 is compiled from source.

BDC2 is a recent addition to the network.
All machine use LDAP as the backend for everything.  They use winbind to 
handle a domain trust with another domain, but otherwise isn't needed.

If I start samba on BDC2 and logon to an XP  (or Win 2003) Machine, the 
logon will be to BDC2.    This can be verified with echo 
%logonserver%.    Rebooting the XP machine is probably not necessary to 
see this.

If I login as the domain administrator, I am effectively not considered 
a member of the local administrator group.  If I look at the local 
Administrator group I will see the DOMAIN/Administrators as members.     
But I am unable to install software,  see all local files, add users to 
local groups etc.

"OS level" on all three DC's was not explictly set, so was 20 by 
default.  I changed BDC2 to "os level=0" and set the PDC to "os 
level=33."  I did not restart samba on PDC.   It seems to be a browsing 

I still logon to BDC2.

So I have two issues:

1-  How to make sure that the PDC (or PDC and BDC1) use used in 
preference to BDC2.  I assume that something about BDC2 having a newer 
ver of samba is getting it priority.

2.  What is wrong with the domain members in local users group.   This 
may be a BDC config in general issue (and I just never found it because 
BDC1 never took precendence over PDC) or it may be  something to do with 
Samba 3.4.x vs 3.0.x.


More information about the samba mailing list