[Samba] DC priority, BDC prob with domain groups

vishesh kumar linuxtovishesh at gmail.com
Tue Nov 17 02:42:53 MST 2009 

Dear vandal

By setting *os level* higher i think we can give preference to one server.

Thanks


On Tue, Nov 17, 2009 at 4:18 AM, Gaiseric Vandal
<gaiseric.vandal at gmail.com>wrote:

> There was an incorrect entry in smb.conf on BDC1 which mean it was not
> registering in WINS as a bdc.  According to the Samba How To documentation,
> all other things being equal, Windows clients will use a bdc rather than a
> pdc.
>
> Now when I logon, I may get any of the three domain controllers.  When I
> get BDC1 (Samba 3.0.37) I don't seem have problems.
>
>
>
>
> So my following problems remain:
>     Can I adjust some variable so that one DC is more likely to be used by
> windows clients than another?
>     Why does Samba 3.4.3 not seem to handle domain groups as members of
> local groups?
>
>
> If I connect from XP Pro client GATES
>
> [2009/11/16 17:34:46,  3] auth/auth.c:222(check_ntlm_password)
>  check_ntlm_password:  Checking password for unmapped user []\[]@[GATES]
> with t
> he new password interface
> [2009/11/16 17:34:46,  3] auth/auth.c:225(check_ntlm_password)
>  check_ntlm_password:  mapped user is: [DOMAIN]\[]@[GATES]
> ...
>
>
> It also looks like I may not get the same logon server each time I logon-
>  so I guess my PC could have authenticated against one DC, and I could
> authenticate against another.
>
>
> Thanks
>
>
>
>
> On 11/13/09 19:04, Gaiseric Vandal wrote:
>
>> Setting "announce version = 4.5" in smb.conf on BDC2 did not change
>> anything.  (The other samba domain still use 4.9 as the default version.)
>> Windows clients will still connect to BDC2 (if it is running.)  On each
>> DC, net getdomainsid and getlocalsid show that the local sid on each
>> machine is the domain sid.
>>
>>
>> BDC2# net getdomainsid
>> SID for local machine BDC2 is: S-1-5-21-xxx-xxx-x99
>> SID for domain DOMAIN is: S-1-5-21-xxx-xxx-x99
>>
>> BDC2# net getlocalsid
>> SID for domain BDC is-xxx-xxx-x99
>> BDC2#
>>
>>
>> Pdbedit -Lv, wbinfo -u and wbinfo -g all seem to give the same results
>>
>> Also
>>
>> BDC# wbinfo -t
>> checking the trust secret via RPC calls succeeded
>>
>>
>> Thanks
>>
>> -----Original Message-----
>> From: Gaiseric Vandal [mailto:gaiseric.vandal at gmail.com]
>> Sent: Friday, November 13, 2009 12:48 PM
>> To: samba at lists.samba.org
>> Subject: DC priority, BDC prob with domain groups
>>
>> I have the following setup:
>>      PDC:  Samba 3.0.37 on Solaris 10
>>      BDC1: Samba 3.0.37 on Solaris 10
>>      BDC2: Samba 3.4.3 on Solaris 10
>>
>>
>> Samba 3.0.37 is the bundled version of Samba.
>> Samba 3.4.3 is compiled from source.
>>
>> BDC2 is a recent addition to the network.
>> All machine use LDAP as the backend for everything.  They use winbind to
>> handle a domain trust with another domain, but otherwise isn't needed.
>>
>> If I start samba on BDC2 and logon to an XP  (or Win 2003) Machine, the
>> logon will be to BDC2.    This can be verified with echo
>> %logonserver%.    Rebooting the XP machine is probably not necessary to
>> see this.
>>
>> If I login as the domain administrator, I am effectively not considered
>> a member of the local administrator group.  If I look at the local
>> Administrator group I will see the DOMAIN/Administrators as members.
>> But I am unable to install software,  see all local files, add users to
>> local groups etc.
>>
>>
>> "OS level" on all three DC's was not explictly set, so was 20 by
>> default.  I changed BDC2 to "os level=0" and set the PDC to "os
>> level=33."  I did not restart samba on PDC.   It seems to be a browsing
>> issue.
>>
>> I still logon to BDC2.
>>
>> So I have two issues:
>>
>> 1-  How to make sure that the PDC (or PDC and BDC1) use used in
>> preference to BDC2.  I assume that something about BDC2 having a newer
>> ver of samba is getting it priority.
>>
>>
>> 2.  What is wrong with the domain members in local users group.   This
>> may be a BDC config in general issue (and I just never found it because
>> BDC1 never took precendence over PDC) or it may be  something to do with
>> Samba 3.4.x vs 3.0.x.
>>
>>
>>
>>
>> Thanks
>>
>>
>>
>>
>>
>>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
http://linuxinterviews.blogspot.com

More information about the samba mailing list