Allysson Steve Mota Lacerda
2007-Mar-20 19:16 UTC
[Samba] Problem with 02 domains on a single PDC
Hi all.
I have 01 Samba-LDAP Server running 02 domains on separated networks.
    ----------------
    |    SERVER    |
    ----------------
       |        |
       |        |
     ADMIN     LABI
When I try to join the ADMIN domain, the machine joins the LABI domain. When
I stop the LABI domain, the machine can join the ADMIN domain normally.
Does anyone know how to fix this?
Thanks.
My configuration files are listed below.
DOMAIN 01
[global]
workgroup = LABI
netbios name = FACOMP01
server string = Controlador de Dominio
domain master = yes
preferred master = yes
local master = yes
domain logons = yes
enable privileges = yes
encrypt passwords = yes
ldap passwd sync = yes
passdb backend = ldapsam:ldap://localhost
ldap suffix = dc=LABI,dc=facomp,dc=edu,dc=br
ldap machine suffix = ou=Computadores
ldap user suffix = ou=Usuarios
ldap group suffix = ou=Grupos
ldap admin dn = cn=admin,dc=facomp,dc=edu,dc=br
ldap ssl = no
logon home = \\%L\%U\.profiles
logon path = \\%L\profiles\%U
logon script = netlogon.bat
security = user
os level = 256
interfaces = 172.16.2.254
log level = 3
[netlogon]
comment = Servico de Logon
path = /var/samba/netlogon/labi
guest ok = Yes
browseable = No
[homes]
comment = Diretorio Home
valid users = %S
guest ok = Yes
browseable = No
writeable = Yes
[profiles]
path = /var/samba/profiles/labi
writeable = Yes
browseable = No
create mask = 0600
directory mask = 0700
[arquivos]
path = /var/samba/arquivos/labi
writeable = No
browseable = Yes
create mask = 0600
directory mask = 0700
DOMAIN 02
[global]
workgroup = ADMIN
netbios name = FACOMP01
server string = Controlador de Dominio
domain master = yes
preferred master = yes
local master = yes
domain logons = yes
enable privileges = yes
encrypt passwords = yes
ldap passwd sync = yes
passdb backend = ldapsam:ldap://localhost
ldap suffix = dc=ADMIN,dc=facomp,dc=edu,dc=br
ldap machine suffix = ou=Computadores
ldap user suffix = ou=Usuarios
ldap group suffix = ou=Grupos
ldap admin dn = cn=admin,dc=facomp,dc=edu,dc=br
ldap ssl = no
logon home = \\%L\%U\.profiles
logon path = \\%L\profiles\%U
logon script = netlogon.bat
security = user
os level = 256
interfaces = 172.16.1.254
log level = 3
[netlogon]
comment = Servico de Logon
path = /var/samba/netlogon/admin
guest ok = Yes
browseable = No
[homes]
comment = Diretorio Home
valid users = %S
guest ok = Yes
browseable = No
writeable = Yes
[profiles]
path = /var/samba/profiles/admin
writeable = Yes
browseable = No
create mask = 0600
directory mask = 0700
[arquivos]
path = /var/samba/arquivos/admin
writeable = No
browseable = Yes
create mask = 0600
directory mask = 0700
--
Allysson Steve Mota Lacerda
stevelacerda@stevelacerda.net
http://www.stevelacerda.net
Both of your servers have the same netbios name! This is how Windows distinguishes different machines on the network. The weird behaviour is because of this conflict. Change the name of one server and everything may work.
Allysson Steve Mota Lacerda wrote:
> Hi all.
>
> I have 01 Samba-LDAP Server running 02 domains on separated networks.
>
>     ----------------
>     |    SERVER    |
>     ----------------
>        |        |
>        |        |
>      ADMIN     LABI
>
> When I try to join the ADMIN domain, the machine joins the LABI domain. When
> I stop the LABI domain, the machine can join the ADMIN domain normally.
>
> Does anyone know how to fix this?
Did you restart Samba?
Allysson Steve Mota Lacerda wrote:
> Not yet.
>
> I've got the same problem.
>
> --
> Allysson Steve Mota Lacerda
> stevelacerda@stevelacerda.net
> http://www.stevelacerda.net
Also, you may have to wait for WINS to detect the change. Sometimes this may require rebooting the machine with the changed name. I don't know where your network is getting its WINS services from, so I can't be more specific.
If I understand things, you have one server that you want to serve as a domain controller for two different domains. Each domain is a separate ldap dc within facomp.edu and each has either its own NIC or at least a different IP address on the same NIC. You are running two different copies of Samba at the same time, pointing to a different smb.conf when you start each one.
You may want to look at http://wiki.samba.org/index.php/Multiple_Server_Instances for an example of how to accomplish this. I haven't tried this myself, but I notice that the wiki assigns different pid and lock directories for each instance. Your configuration doesn't do this. There are also some differences on how it specifies the interfaces that may or may not be important.
Give the wiki a try and good luck.
Allysson Steve Mota Lacerda wrote:
> On 3/20/07, Gary Dale <garydale@torfree.net> wrote:
>
> > Also, you may have to wait for WINS to detect the change.
> > Sometimes this may require rebooting the machine with the changed
> > name. I don't know where your network is getting its WINS services
> > from, so I can't be more specific.
>
> Yes, I've restarted Samba and the machine. Now I can access the server
> by its new netbios name but the problem continues...
>
> --
> Allysson Steve Mota Lacerda
> stevelacerda@stevelacerda.net
> http://www.stevelacerda.net
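Added example, not part of the original thread and not Samba's own tooling: a small Python check for the two causes raised in the replies above, a netbios name shared by both instances and pid and lock directories that neither smb.conf sets. The config fragments are constructed from the [global] sections posted above; the "fixed" names and paths are hypothetical.

```python
# Parameters each Samba instance on one host needs its own value for:
# "netbios name" (first reply), pid/lock directories and interfaces (wiki reply).
PER_INSTANCE = ("netbios name", "pid directory", "lock directory", "interfaces")

def _norm(name):
    # smb.conf section and parameter names ignore case and whitespace.
    return "".join(name.lower().split())

def parse_global(text):
    """Return the [global] parameters of one smb.conf as {normalised name: value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[_norm(name)] = value.strip()
    return params

def instance_conflicts(configs):
    """configs maps a label to smb.conf text; returns [(parameter, value, labels)].

    A value of None means the parameter is unset in several instances, so they
    all fall back to the same built-in default.
    """
    parsed = {label: parse_global(text) for label, text in configs.items()}
    findings = []
    for param in PER_INSTANCE:
        groups = {}
        for label, params in parsed.items():
            value = params.get(_norm(param))
            if value is not None and param == "netbios name":
                value = value.upper()  # NetBIOS names are case-insensitive
            groups.setdefault(value, []).append(label)
        for value, labels in groups.items():
            if len(labels) > 1:
                findings.append((param, value, sorted(labels)))
    return findings

# Constructed fragments: the relevant [global] lines of the two posted files.
LABI = "[global]\nworkgroup = LABI\nnetbios name = FACOMP01\ninterfaces = 172.16.2.254\n"
ADMIN = "[global]\nworkgroup = ADMIN\nnetbios name = FACOMP01\ninterfaces = 172.16.1.254\n"
# Hypothetical per-instance names and paths (assumptions, not from the thread).
LABI_FIXED = (LABI.replace("FACOMP01", "FACOMP-LABI")
              + "pid directory = /var/run/samba-labi\nlock directory = /var/lib/samba-labi\n")
ADMIN_FIXED = (ADMIN.replace("FACOMP01", "FACOMP-ADMIN")
               + "pid directory = /var/run/samba-admin\nlock directory = /var/lib/samba-admin\n")
```

Calling `instance_conflicts({"labi": LABI, "admin": ADMIN})` reports the shared netbios name plus the unset pid and lock directories; the interfaces already differ and are not flagged.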
Allysson Steve Mota Lacerda wrote:
> I have 01 Samba-LDAP Server running 02 domains on separated networks.
>
>     ----------------
>     |    SERVER    |
>     ----------------
>        |        |
>        |        |
>      ADMIN     LABI
>
> When I try to join the ADMIN domain, the machine joins the LABI domain.
> When I stop the LABI domain, the machine can join the ADMIN domain normally.
>
> Does anyone know how to fix this?
This is not related to your question; instead it is about your setup. I've seen that you share the same LDAP between two domains, and you share the ou's of users, groups and computers. I'm looking for a similar setup for my work and your experience would be very useful. How have you made this setup? Have you used the smbldap-tools package? Any pointers would be a great help. Thanks