[Samba] DC priority, BDC prob with domain groups
gaiseric.vandal at gmail.com
Fri Nov 13 10:47:57 MST 2009
I have the following setup:
PDC: Samba 3.0.37 on Solaris 10
BDC1: Samba 3.0.37 on Solaris 10
BDC2: Samba 3.4.3 on Solaris 10
Samba 3.0.37 is the bundled version of Samba.
Samba 3.4.3 is compiled from source.
BDC2 is a recent addition to the network.
All machine use LDAP as the backend for everything. They use winbind to
handle a domain trust with another domain, but otherwise isn't needed.
If I start samba on BDC2 and logon to an XP (or Win 2003) Machine, the
logon will be to BDC2. This can be verified with echo
%logonserver%. Rebooting the XP machine is probably not necessary to
If I login as the domain administrator, I am effectively not considered
a member of the local administrator group. If I look at the local
Administrator group I will see the DOMAIN/Administrators as members.
But I am unable to install software, see all local files, add users to
local groups etc.
"OS level" on all three DC's was not explictly set, so was 20 by
default. I changed BDC2 to "os level=0" and set the PDC to "os
level=33." I did not restart samba on PDC. It seems to be a browsing
I still logon to BDC2.
So I have two issues:
1- How to make sure that the PDC (or PDC and BDC1) use used in
preference to BDC2. I assume that something about BDC2 having a newer
ver of samba is getting it priority.
2. What is wrong with the domain members in local users group. This
may be a BDC config in general issue (and I just never found it because
BDC1 never took precendence over PDC) or it may be something to do with
Samba 3.4.x vs 3.0.x.
More information about the samba