[Samba] How to Force Domain Clients to use new PDC

Gaiseric Vandal gaiseric.vandal at gmail.com
Fri Feb 17 08:14:26 MST 2012


You could try stopping the WINS service, backing up and deleting the
wins.tdb and wins.dat files, then starting the WINS server again. (This
is for the WINS service from Samba 3; I don't know how samba4wins
handles this.) This should make sure that only the new PDC registers
itself in the WINS db. Before you do so, you may want to look at the
existing WINS db. I don't remember if the wins.dat file is created from
the wins.tdb file or the other way around. You can use the tdbdump
command on a TDB file. The WINS database should list whether a machine
is a logon server or browser. I suspect your existing WINS database
still has entries for the old DCs. I don't know how long the WINS
database will keep old entries; it could be for days or weeks. There
is also a tdbedit command that you could use to try to edit the wins TDB
file (if applicable).

The only reason you might want to use lmhosts on a machine is to verify,
with a single machine, that the new PDC really can handle the 
authentication/login from a client PC.

Can you use the NT4 Wins Manager tool to query your WINS server?


On 02/17/12 08:17, Wikked One wrote:
> All systems are joined to the same domain and have the same SID, confirmed.
> I'm using the NT4 Server manager to look at status of all domain members,
> it displays the hierarchy of the domain, (I figure if an XP workstation
> (domain member, logged in as the domain admin) is picking up the change
> (it does indicate the change usually within 15 minutes of the BDC to PDC
> and vice versa). Workstations still report the old PDC when issuing an
> echo %logonserver% at the command line, which I understand from the old
> NT4 Server days, the BDC usually handles logon requests, but since I'm
> trying to make the shift to a TLS communication with the LDAP backend I
> stop the samba service on the non-TLS BDC and promote the BDC to PDC
> using the OS level and a couple other parameters.
>
> When it comes to the WINS servers, what I'm asking is IF I can make a
> change on them to recognize the new PDC faster by changing a parameter
> on them so that WINS "leases" (for lack of the parameter name at the
> moment) are refreshed and the new PDC recognized by all members of the
> domain faster?
>
> The two seem to be connected so if I can get WINS to distribute the 
> new PDC to the rest of the domain
> faster.....
> The Domain wide recognition of the new PDC takes too long ....
>
> the Hosts (LMHOSTS) file is not a good option in this case....
>
>
>
>
> > Date: Thu, 16 Feb 2012 11:59:00 -0500
> > From: gaiseric.vandal at gmail.com
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] How to Force Domain Clients to use new PDC
> >
> > Are all DC's truly in the same domain? ("net getdomainsid" command
> > should show the same domain sid on all DC's.) Were the new servers
> > joined to the existing domain when setting up or did you just configure
> > the same domain name.
> >
> > What exactly are you using the NT4 server manager tool for?
> >
> > Presumably all samba DC's and clients are pointing to the same WINS
> > server. Windows machines by default will prefer to authenticate
> > against a BDC. You can try to change this by increasing the "announce
> > version" and "os level" parameters in the smb.conf file. The only way
> > to really force it is to NOT use wins and configure the client to use an
> > lmhosts file to find the DC.
> >
> >
> >
> > On 02/16/12 09:37, Wikked One wrote:
> > >
> > >
> > > Good Morning Samba Team,
> > >
> > > We’ve been using Samba 3.4.8 and OpenLdap as an NT domain PDC for a
> > > number of years, running on CentOS 5.7 64 bit. In the meantime I’ve
> > > been configuring other systems to use a multimaster OpenLdap backend
> > > and implement TLS. Obviously the first system does not communicate
> > > with the other 2 systems (now registered as BDC system on the same
> > > domain).
> > >
> > > I have imported the user, group and computer groups into the newer
> > > systems so that all password and user information is synchronized.
> > >
> > > We are also using Samba4Wins as our WINS server…..
> > >
> > > Now my question: I can “promote” the target system I want to as the
> > > PDC by making a few changes to the smb.conf as well as the config
> > > file on the current PDC.
> > >
> > > When I use the old NT4 server manager tool the domain change seems to
> > > take a few minutes to register, however many of the domain member
> > > client systems (almost exclusively Windows XP Pro) are failing to
> > > recognize the change and still use the old PDC to login.
> > >
> > >
> > > How can I force the client systems to recognize the new PDC? Is this
> > > dependent on the WINS servers?
> > >
> > >
> > > Thanks!
> > >
> > >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
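
The check suggested in the reply above (look at the existing WINS database for entries that still point at the old DCs before deleting it), as an added example that is not part of the original thread. It assumes the Samba 3 nmbd wins.dat text layout of `"NAME#type" expiry ip [ip ...] flagsR`; the domain name, addresses and records in `SAMPLE` are constructed.

```python
import re
from datetime import datetime, timezone

# NetBIOS name suffixes that clients query when locating a logon server.
ROLES = {
    0x1B: "domain master browser (PDC)",
    0x1C: "domain controllers (logon servers)",
}

# Assumed record layout: "NAME#tt" <expiry epoch> <ip> [<ip> ...] <flags>R
RECORD = re.compile(
    r'^"(?P<name>[^"]*)#(?P<type>[0-9a-fA-F]{2})"\s+(?P<expiry>-?\d+)\s+(?P<rest>.+)$'
)

# Constructed sample: 192.0.2.10 plays the retired PDC, 192.0.2.20 the new one.
SAMPLE = '''VERSION 1 0
"EXAMPLEDOM#1b" 1329900000 192.0.2.10 64R
"EXAMPLEDOM#1c" 1329900000 192.0.2.10 192.0.2.20 192.0.2.30 e4R
"OLDPDC#20" 1329900000 192.0.2.10 64R
"NEWPDC#20" 1329900000 192.0.2.20 64R
'''

def parse_wins_dat(text):
    """Return one dict per name record; the VERSION header and junk are skipped."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue
        *ips, flags = m["rest"].split()
        records.append({"name": m["name"], "type": int(m["type"], 16),
                        "expiry": int(m["expiry"]), "ips": ips, "flags": flags})
    return records

def stale_dc_records(records, retired_ips):
    """List 1b/1c registrations that still contain a retired DC address."""
    hits = []
    for r in records:
        stale = [ip for ip in r["ips"] if ip in retired_ips]
        if r["type"] in ROLES and stale:
            hits.append((r["name"], ROLES[r["type"]], stale, r["expiry"]))
    return hits

if __name__ == "__main__":
    for name, role, ips, expiry in stale_dc_records(parse_wins_dat(SAMPLE), {"192.0.2.10"}):
        when = datetime.fromtimestamp(expiry, timezone.utc).isoformat()
        print(f"{name}: {role} still lists {', '.join(ips)} until {when}")
```

Run it against a copy of the backed-up wins.dat rather than the live file, and pass the addresses of the DCs that were demoted or shut down.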


