[Samba] WINS + BDC Problem [Was: Problems with BDC authentication]

[Ron García-Vidal]

On 07/01/2011 03:12 PM, Ron García-Vidal wrote:
> Today we had a problem with our Win NT4 PDC and discovered numerous
> failover issues with our Samba file server.
>
> For starters, this is a Debian Etch machine running Samba-3.0.24-2. At
> this point, this is a critical production machine. Upgrading is on our
> to-do path, but is not an option for an immediate fix to this problem.
> With the exception of this problem, this Samba installation has been
> very stable thus far.
>
> The issue is that when the PDC died, the Samba server was unable to
> authenticate any users. I have security set to domain and the password
> server directive is set to *
>
> When I do an nmblookup on the wins server specified in smb.conf I get:
>
> nmblookup -U WINSSVR -R DOMAIN#1C10.0.0.30 DOMAIN1<1c>
> 10.0.0.X DOMAIN<1c>
> 192.X.X.X DOMAIN<1c>


The problem turned out to be that there were three WINS servers 
configured in the smb.conf.  2 of the three WINS servers do not know 
about the BDC.  The third does.  When I defined only the third in 
smb.conf, we had no authentication outage.

So the real issue then is why don't the other two WINS servers see the 
BDC?  Of the two WINS servers, one is another Debian Etch box with Samba 
3.0.21a-4 and the other is Debian Lenny running Samba 3.2.5-4.  (The 
working WINS Server is Lenny with Samba 3.2.5-4 as well)

The smb.conf for all three boxes have the same WINS settings:
name resolve order = host lmhosts bcast
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
dns proxy = Yes
wins proxy = No
wins support = Yes

Of the three, one of the non-working WINS servers is on the same subnet 
as the working WINS server and the PDC.  The BDC is not on the same 
subnet as any of these guys.

Working WINS: 192.X.X.X
NonWorking WINS: 192.X.X.Y
PDC: 192.X.X.Z
BDC: 10.0.0.X
NonWorking WINS: 10.10.12.X

Any help in trouble-shooting this would be greatly appreciated.