[Samba] Samba4 as BDC on a Win2003 AD_PDC
Karel Lang AFD
lang at afd.cz
Thu Oct 9 07:28:19 MDT 2014
I'm quite new to the Samba list and particularly to Samba4 too, so take my
word with a grain of salt.
I think that maybe the terminology you use is not quite accurate, or clear.
Because (IMHO) you cannot have a server acting as PDC (primary domain
controller) in AD (active directory), as far as I understand it.
You can have either one of them, but not both.
What you talk about, that you have atm (I think), is a 'classic' NTv4
domain that consists of one PDC and as many BDC servers as needed.
Only the PDC can make changes in the authentication backend - usually some
With this being said - in your case - Samba4 can act as PDC or BDC in an
NTv4 domain - but as you say, you have it as BDC, then it can't make
changes (please, someone correct me now if I'm wrong about this - not
If you want to switch off the Windows server and retain, or keep, the NTv4
classic domain with one PDC -> more BDC structure, then (IMHO) you need
to switch off the Windows server and just make the Samba4 PDC (change
smb.conf) - and make sure the Samba4 server is looking into the LDAP database
where the former Windows server was storing the user data.
If the Windows server was storing data in its own database, I guess
that you would need to export the data first to a 3rd party database
(openldap, 389 directory server ... etc) and then again switch off the
Windows server, point Samba 4 to LDAP and make changes in smb.conf
making it PDC.
I think another possible scenario is that you create AD (active
directory) from your Samba4 server, join the Windows server to it and
replicate data there, then you can keep the Win server running or you can
switch it off.
But this takes quite some study - I'm in the process myself, as I plan
on moving from Samba3 -> 4.
But again, you need to decide which type of domain you aim for - AD or
classic NTv4 with PDC-BDC?
On 10/09/2014 02:43 PM, Daniel ATUALIZEM TENHO NOVO MSN wrote:
> I have a Windows 2003 as AD PDC.
> My intention is to disable this Windows and use Samba4 instead.
> I have compiled Samba 4.1.12 on Debian 7 without problems.
> I followed the Samba Wiki to join this machine to the Win domain, without doing the Samba4 provision steps, as mentioned.
> The join process occurred without errors and all structure of Win2003 was replicated to Samba4. All modifications done on Windows 2003 are updated to Samba 4.
> But, using RSAT to connect to Samba4, I can't create or delete new users or groups. I receive this message on RSAT:
> "The server is unwilling to process the request"
> This is the output on log.samba when I try to create or modify a user by RSAT connected on Samba 4
> [2014/10/09 09:36:29.901189, 0] ../source4/dsdb/repl/drepl_ridalloc.c:43(drepl_new_rid_pool_callback)
> ../source4/dsdb/repl/drepl_ridalloc.c:43: RID Manager failed RID allocation - WERR_NO_LOGON_SERVERS - extended_ret[0x0]
> And, this message is output on log.samba all the time:
> [2014/10/09 09:37:00.527471, 0] ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
> Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2 at ncacn_ip_tcp:e50ee076-7a81-4616-aace-c18b350b7d4d._msdcs.ITEMNT[1025,seal,krb5] NT_STATUS_NO_LOGON_SERVERS
> I need help to solve this issue.
> I want to change Win2003 AD to Samba4 AD by:
> 1 - using Samba4 as secondary to get all users from Windows;
> 2 - testing Samba4 to create, modify and delete users, and replicate to Windows 2003;
> 3 - If step 2 passes, I want to "promote" samba 4 as primary DC and turn off Windows 2003;
> 4 - I will create a new samba4 to use as secondary DC.
> Thanks for any help!
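
Added example, not part of the original posts and not Samba project code: a small Python parser for the two log.samba entries quoted above. It pairs each header line with its message and extracts the status code and the `_msdcs` host name the bind was attempted against, so repeating failures can be counted per source function. The function and field names are assumptions made for this example; the sample input is copied from the quoted log lines.

```python
import re
from collections import Counter

# Sample input: the two level-0 entries quoted in the post above.
SAMPLE_LOG = """\
[2014/10/09 09:36:29.901189, 0] ../source4/dsdb/repl/drepl_ridalloc.c:43(drepl_new_rid_pool_callback)
../source4/dsdb/repl/drepl_ridalloc.c:43: RID Manager failed RID allocation - WERR_NO_LOGON_SERVERS - extended_ret[0x0]
[2014/10/09 09:37:00.527471, 0] ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2 at ncacn_ip_tcp:e50ee076-7a81-4616-aace-c18b350b7d4d._msdcs.ITEMNT[1025,seal,krb5] NT_STATUS_NO_LOGON_SERVERS
"""

# Header: [timestamp, level] source_file:line(function)
HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:.]+),\s*(?P<level>\d+)\] "
                    r"(?P<src>\S+?):(?P<line>\d+)\((?P<func>\w+)\)")
STATUS = re.compile(r"\b(?:NT_STATUS|WERR)_[A-Z0-9_]+\b")
# RPC binding string: transport, then <GUID>._msdcs.<domain> before the option list
ENDPOINT = re.compile(r"at (ncacn_\w+):([0-9a-f-]{36}\._msdcs\.[\w.-]+)\[")


def parse_entries(text):
    """Group each header line with the message lines that follow it."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({**m.groupdict(), "msg": ""})
        elif entries and line.strip():
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line.strip()).strip()
    for e in entries:
        e["status"] = STATUS.findall(e["msg"])
        ep = ENDPOINT.search(e["msg"])
        e["endpoint"] = ep.group(2) if ep else None
    return entries


def summarize(entries):
    """Count (function, status) pairs so repeating failures stand out."""
    return Counter((e["func"], s) for e in entries for s in e["status"])


if __name__ == "__main__":
    for (func, status), n in summarize(parse_entries(SAMPLE_LOG)).items():
        print(f"{n:3d}  {status:28s} {func}")
```
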