[Samba] LDAP: PDC to BDC replication issues
PGhimire at sundata.com.au
Wed Mar 14 11:15:54 UTC 2018
That worked. Thank you very much.
As per your suggestion, I changed the os level to 66, and changed the following to yes
local master = yes
domain master = yes
preferred master = yes
The four commands you suggested were pointing to the correct servers and giving the correct replies both pre and post the cutover.
What I then realised is the following
- The client machines were still logging in using the "old" PDC; not sure if that is to be expected
- echo "%logonservername%" on a Windows client was still pointing to the "old" PDC, even after a reboot
I should have mentioned before, the "old" PDC box is not going to be decommissioned just yet. It still has and will have the samba shares / CUPS and few other things until such time they get migrated.
What I did then was disable the vNIC of the "old" PDC. The issue I faced then was the following
- Machines with cached credentials worked
- New logins to those machines came up with "No logon server available"
- Couldn't join a machine to the domain.
I then brought the "old" PDC back up and changed local master/domain master/preferred master to "no". Still the same results. I thought it might be due to the DNS (Bind9) records, so I then changed the hosts and reverse host file to point to the "new" PDC as the SOA. I also disabled the vNIC of the "old" PDC without changing anything else on that machine.
The above enabled me to join the machine to the domain and log in using different users. However, when running the same 4 commands, I found an issue with one of them. The rest worked ok.
root at lin-bdc:/etc/samba# host 10.10.14.3
;; connection timed out; no servers could be reached
Earlier this gave 22.214.171.124.in-addr.arpa domain name pointer lin-pdc.lin , which is correct
Looks like the "new" PDC is still looking at the old PDC for DNS. But where though? I have checked the usual suspects:
/etc/resolv.conf: Points to itself as the nameserver
/etc/network/interfaces: points to itself as the nameserver
The following is the reverse host file
$TTL 38400 ; 10 hours 40 minutes
14.10.10.in-addr.arpa IN SOA lin-bdc. admin.lin.com.au. (
2012125288 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
432000 ; expire (5 days)
38400 ; minimum (10 hours 40 minutes)
1 PTR lin-pdc.lin.
3 PTR lin-bdc.lin.
Just one more question ;). The next step is to migrate (Classic-AD) the new PDC. I've done this in isolation but using the pre-ldap config, i.e. tdbsam. I would think it will still work with LDAP.
The question is how will the "old" PDC handle being in an AD environment? Obviously it will still be in "classic" mode. My thoughts were removing any domain login related info (eg. Domain login, preferred master, local master, domain master) from smb.conf, and changing the bind9 info from the "old" PDC to point to the "new" PDC as the SOA. Then migrate, Classic-AD. Will this approach work?
Sorry for the long email.
From: Harry Jede [mailto:walk2sun at arcor.de]
Sent: Wednesday, 14 March 2018 2:20 AM
To: Praveen Ghimire
Cc: samba at lists.samba.org
Subject: Re: [Samba] LDAP: PDC to BDC replication issues
On Tuesday, 13 March 2018, 11:21:17 CET, Praveen Ghimire wrote:
> Thank you.
> Unfortunately we don't have the choice of upgrading LDAP due to distro
> not supporting the newer version. However we have managed to get it
> to work. A lot of fiddling around.
> I do have another question though ;). Now that we have LDAP
> replicating, how do I transfer the "samba classic " PDC role to our
> BDC. I have read that using the domain master=yes in smb.conf is not
> enough. Do I need to change the NS and SOA entry in our bind 9 hosts
> file to point to the existing BDC as we are not setting up Netbios
> entries in the client machine? Also will we need to make changes to
> other parameters in smb.conf?
Servers *must have* a "in-addr.arpa domain name pointer".
Check "os level" on old PDC in smb.conf, maybe:
os level = 65
Now run these 4 commands on both PDC and BDC
# nmblookup -M <netbios domain name>
# nmblookup -M -- -
# host <ip address found>
# nmblookup -s /dev/null -R -T -S <short hostname found>
Go to new PDC
and set a "higher os level" on this machine
restart smbd and nmbd
Server election will start in the background; wait some minutes.
Run the above 4 commands again, watch for <1d>. This is the current PDC.
samples with output:
# nmblookup -M europa
querying europa on 127.255.255.255
# nmblookup -M -- -
querying __MSBROWSE__ on 127.255.255.255
# host 10.100.0.1
126.96.36.199.in-addr.arpa domain name pointer capella.europa.xx.
# nmblookup -s /dev/null -R -T -S capella
querying capella on 10.100.255.255
capella.europa.xx, 10.100.0.1 capella<00>
Looking up status of 10.100.0.1
CAPELLA <00> - H <ACTIVE>
CAPELLA <03> - H <ACTIVE>
CAPELLA <20> - H <ACTIVE>
..__MSBROWSE__. <01> - <GROUP> H <ACTIVE>
EUROPA <1d> - H <ACTIVE>
EUROPA <1b> - H <ACTIVE>
EUROPA <1c> - <GROUP> H <ACTIVE>
EUROPA <1e> - <GROUP> H <ACTIVE>
EUROPA <00> - <GROUP> H <ACTIVE>
MAC Address = 00-00-00-00-00-00
here "CAPELLA" is the server netbios name, 10.100.0.1 the server ip
and "EUROPA" is the netbios domain name.
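As an added example (not code from the thread or from the Samba project), here is a small POSIX shell helper that does the check described above mechanically: it parses the node-status output of "nmblookup -S" and reports which NetBIOS names the host has registered, so that the browser roles of the old and the new PDC can be compared before and after the cutover. The sample output embedded in the script is constructed to match the format shown above; the host names, workgroup and address are illustrative only.

```shell
#!/bin/sh
# Added example, not code from the thread: parse "nmblookup -S <host>" node-status
# output and report which browser roles the host currently holds.
# NetBIOS name suffixes seen in such output:
#   <00> unique = workstation service, <00> <GROUP> = workgroup/domain name
#   <03> messenger service, <20> file server service (smbd)
#   <1b> Domain Master Browser (the PDC role), <1c> <GROUP> = domain controllers
#   <1d> Local Master Browser on this subnet, <1e> <GROUP> = browser elections
#   <01> <GROUP> ..__MSBROWSE__. = master browser announcement group

# Constructed sample, modelled on the format shown in the thread. Host name,
# workgroup and address are illustrative, not a real network.
SAMPLE_STATUS='Looking up status of 10.100.0.1
        CAPELLA         <00> -         H <ACTIVE>
        CAPELLA         <03> -         H <ACTIVE>
        CAPELLA         <20> -         H <ACTIVE>
        ..__MSBROWSE__. <01> - <GROUP> H <ACTIVE>
        EUROPA          <1d> -         H <ACTIVE>
        EUROPA          <1b> -         H <ACTIVE>
        EUROPA          <1c> - <GROUP> H <ACTIVE>
        EUROPA          <1e> - <GROUP> H <ACTIVE>
        EUROPA          <00> - <GROUP> H <ACTIVE>

        MAC Address = 00-00-00-00-00-00'

# Constructed sample of a plain member server: file server only, no browser roles.
SAMPLE_MEMBER='Looking up status of 10.100.0.7
        VEGA            <00> -         H <ACTIVE>
        VEGA            <03> -         H <ACTIVE>
        VEGA            <20> -         H <ACTIVE>
        EUROPA          <00> - <GROUP> H <ACTIVE>

        MAC Address = 00-00-00-00-00-00'

# name_for_suffix STATUS_TEXT SUFFIX: print the unique (non-GROUP) name registered
# with SUFFIX, e.g. "<1b>"; prints nothing when no such registration exists.
name_for_suffix() {
    printf '%s\n' "$1" | awk -v sfx="$2" '
        $2 == sfx && $0 !~ /<GROUP>/ { print $1; exit }'
}

# workgroup_of STATUS_TEXT: the group name registered as <00> <GROUP>.
workgroup_of() {
    printf '%s\n' "$1" | awk '$2 == "<00>" && $0 ~ /<GROUP>/ { print $1; exit }'
}

# browser_roles STATUS_TEXT: one-line summary of the browser roles the host holds,
# or "none" when it is neither domain master nor local master browser.
browser_roles() {
    roles=""
    if [ -n "$(name_for_suffix "$1" "<1b>")" ]; then
        roles="domain-master(<1b>)"
    fi
    if [ -n "$(name_for_suffix "$1" "<1d>")" ]; then
        roles="${roles}${roles:+ }local-master(<1d>)"
    fi
    printf '%s\n' "${roles:-none}"
}

# report STATUS_TEXT: print the summary a pre/post-cutover comparison would look at.
report() {
    echo "workgroup/domain : $(workgroup_of "$1")"
    echo "file server <20> : $(name_for_suffix "$1" "<20>")"
    echo "browser roles    : $(browser_roles "$1")"
}

report "$SAMPLE_STATUS"
echo "---"
report "$SAMPLE_MEMBER"
```

To run it against a live server, feed the real output in place of the sample, e.g. browser_roles "$(nmblookup -s /dev/null -R -T -S lin-pdc)", and run it on both the old and the new PDC after the election has settled: exactly one of them should report domain-master(<1b>), and that is the machine currently acting as PDC.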