[Samba] How to Force Domain Clients to use new PDC

Daniel Müller mueller at tropenklinik.de
Mon Feb 20 00:38:53 MST 2012

If you have setup a new domain. You need to rejoin all clients to that
domain? Or not?!

EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
Auftrag von Wikked One
Gesendet: Freitag, 17. Februar 2012 19:16
An: gaiseric.vandal at gmail.com
Cc: samba at lists.samba.org
Betreff: Re: [Samba] How to Force Domain Clients to use new PDC

Thanks for the response I appreciate it!
I haven't had any exposure to the NT4 Wins manager tool,I'll hunt around for
as far as querying the Wins servers I usually use NSLookup and I've look at
the output of
tdbdump.  I'll be researching the samba4wins available parameters around
midweek next week,
(just in case there are any further developments or replies on this) during
the weekend.
I've got a 4 day weekend .....and I may not get to those config life
parameters for Samba4wins till then.

Date: Fri, 17 Feb 2012 10:14:26 -0500
From: gaiseric.vandal at gmail.com
To: wikked1 at hotmail.com
CC: samba at lists.samba.org
Subject: Re: [Samba] How to Force Domain Clients to use new PDC


    You could try stopping the wins service, backing up and deleting the
    wins.tdb and wins.dat file, then starting the wins server again. 
    (this is for the wins service from samba 3-  I don't know how
    samba4wins handles this.)  This should make sure that only the new
    PDC registers itself in the WINS db.  Before you do so, you may want
    to look at the existing wins db.  I don't remember if the wins.dat
    file is created from the wins.tdb file or the other way around.  You
    can use the tdbdump command on a TDB file.   The wins database
    should list whether a machine is a logon server or browser.     I
    suspect your existing wins database still has entries for the old
    DC's.      I don't know how lonh the WINS database will keep old
    entries-  it could be for days or weeks.   There is also a tdbedit
    command that you could use to try to edit the wins TBD file (if


    the only reason you might want to use lmhosts on a machine is to
    verify, with a single machine, that the new PDC really can handle
    the authentication/login from a client PC.   


    Can you use the NT4 Wins Manager tool to query your WINS server? 



    On 02/17/12 08:17, Wikked One wrote:
        All systems are joined to the same domain and have the same

        I'm using the NT4 Server manager to look at status of all domain

        it displays the hierarchy of the domain, (I figure if an XP
        workstation (domain member,logged

        in as the domain admin) is picking up the change (it does
        indicate the change usually within 15 minutes 

        of the BDC to PDC and vice versa).   Workstations still report
        the old PDC when issuing an echo %logonserver% 

        at the command line,which I understand from the old NT4 Server
        days,the BDC usually handles logon requests,

        but since I'm trying to make the shift to a TLS communication
        with the LDAP backend I stop the samba service on

        the non-TLS BDC and promote the BDC to PDC using the OS level
        and a couple other parameters.


        When it comes to the WINS servers,what I'm asking is IF I can
        make a change on them to recognize the new PDC faster by

        changing a parameter on them so that WINS "leases" (for lack of
        the parameter name at the moment) are refreshed and the

        new PDC recognize by all members of the domain faster?


        The two seem to be connected so if I can get WINS to distribute
        the new PDC to the rest of the domain


        The Domain wide recognition of the new PDC takes too long ....


        the Hosts (LMHOSTS) file is not a good option in this case....





        > Date: Thu, 16 Feb 2012 11:59:00 -0500

          > From: gaiseric.vandal at gmail.com

          > To: samba at lists.samba.org

          > Subject: Re: [Samba] How to Force Domain Clients to use
          new PDC


          > Are all DC's truly in the same domain? ("net
          getdomainsid" command 

          > should show the same domain sid on all DC's.) Were the
          new servers 

          > joined to the existing domain when setting up or did you
          just configure 

          > the same domain name.


          > What exactly are you using the NT4 server manager tool


          > Presumably all samba DC's and clients are pointing to the
          same WINS 

          > server. Windows machines by default will prefer to

          > against a BDC. You can try to change this by increasing
          the "announce 

          > version" and "os level" parameters in the smb.conf file.
          The only way 

          > to really force it is to NOT use wins and configure the
          client to use an 

          > lmhosts file to find the DC.




          > On 02/16/12 09:37, Wikked One wrote:

          > >

          > >

          > > Good Morning Samba Team,

          > >

          > > We’ve been using Samba 3.4.8 and

          > > OpenLdap as an NT domain PDC for a number of years,
          running on CentOS 5.7 64 bit. In the

          > > meantime I’ve been configuring other systems to use
          a multimaster OpenLdap

          > > backend and implement TLS. Obviously the

          > > first system does not communicate with the other 2
          systems (now registered as

          > > BDC system on the same domain).

          > >

          > > I have imported the user,group and computer groups
          into the

          > > newer systems so that all password and user
          information is synchronized.

          > >

          > > We are also use Samba4Wins as our WINS server

          > >

          > > Now my question: I

          > > can “promote” the target system I want to as the PDC
          by making a few changes to

          > > the smb.conf as well as the config file on the
          current PDC.

          > >

          > > When I use the old NT4 server manager tool the
          domain change

          > > seems to take a few minutes to register, however
          many of the domain member

          > > client systems (almost exclusively Windows XP Pro)
          are failing to recognize the

          > > change and still use the old PDC to login.

          > >

          > >

          > > How can I force the client systems to recognize the
          new PDC

          > > ?Is this dependent on the WINS servers?

          > >

          > >

          > > Thanks!

          > >

          > > 


          > -- 

          > To unsubscribe from this list go to the following URL and
          read the

          > instructions:

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list