You can't do it!
Samba won't be a BDC for NT and vice versa.
Maybe you should wait for Samba 4.0.
On Mon, 2004-07-26 at 13:05, Julien Bordet wrote:
> Hi everybody,
>
> As you may have guessed, I've got a problem ;)
>
> What I had :
>
> - A PDC Server (Windows NT 4 SP 6a), called SERVER1, for the domain TEST
> - A BDC Server (Windows NT 4 SP 6a), called SERVER2, for the domain TEST
>
> Everything was working fine.
>
> Now I switched my NT PDC to a Samba PDC, and I made SERVER1 a BDC for the domain. Until now, no problem. I use Samba 3.0.4, connected to OpenLDAP thanks to the ldapsam method.
>
> However, after promoting Samba to be the PDC, it seems that neither of the two BDCs (SERVER1 and SERVER2) can synchronize the SAM, LSA and BUILTIN databases from SAMBA.
>
> So I can log on with any user/password that existed before the migration, but cannot add any new account on the SAMBA/LDAP server. I've got a password error when trying to log in.
>
> On both servers, I have the following error :
>
> Event ID 5718
> The full synchronization replication of the LSA database from the primary domain controller servername failed with the following error: Procedure number out of range.
>
> I've successfully tried to establish a secure channel from the BDC, with the netdomain command
>
>
> NETDOM BDC SERVER1 /SYNC
>
> However, trying to force a synchronization returns :
>
> C:\ntreskit>nltest /BDC_QUERY:TEST
> Server : \\SERVER1
> SyncState : REPLICATION_IN_PROGRESS
> ConnectionState : Status = 1745 0x6d1 RPC_S_PROCNUM_OUT_OF_RANGE
> The command completed successfully
>
> The error message here corresponds to the message of the event viewer.
>
> Has any of you seen anything like that before?
>
> I've searched both the Microsoft support site and the Samba mailing list archive, but without success.
>
> Many thanks for your help.
>
>
>
> Julien
>
>
>
>
>
> Here is my smb.conf :
>
>
>
> [Global]
> workgroup = TEST
> netbios name = SAMBA
> server string = SAMBA-LDAP
> username map = /etc/samba/smbusers
> encrypt passwords = yes
> interfaces = 172.16.0.115/16
>
> domain logons = Yes
> os level = 65
> domain master = Yes
> local master = No
> security = user
> wins support = Yes
>
> passdb backend = ldapsam:ldap://localhost
> ldap admin dn = "cn=samba,ou=DSA,dc=testdomain,dc=fr"
> ldap ssl = off
> ldap delete dn = yes
> ldap user suffix = ou=Utilisateurs
> ldap group suffix = ou=Groupes
> ldap machine suffix = ou=Machines
> ldap suffix = dc=testdomain,dc=fr
> ldap idmap suffix = ou=Users
> ldap passwd sync = yes
>
> Dos charset = 850
> Unix charset = ISO8859-1
>
> log level = 99
> log file = /var/log/samba/%m.log
> max log size = 100000
> time server = Yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
> logon script = logon.bat
> logon drive = H:
> logon home =
> logon path =
>
> add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> add user script = /usr/local/sbin/smbldap-useradd -m "%u"
> add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
> add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
>
> [homes]
> comment = Répertoires utilisateurs
> valid users = %U
> read only = No
> create mask = 0664
> directory mask = 0775
> browseable = No
>
> [netlogon]
> path = /var/lib/samba/netlogon
> browseable = No
> read only = Yes
_______________________
Umberto Zanatta
linuxDidattica
tel: +39 (335) 54 71 385
email: umberto.z@tin.it
web: http://linuxdidattica.org
_______________________
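
Added example (not part of either message): a small Python parser for the `nltest /BDC_QUERY` output quoted above, listing the BDCs whose ConnectionState status is non-zero. The SERVER2 lines in the sample are constructed for contrast, and the function names are this example's own.

```python
import re

# Constructed sample: the SERVER1 entry is the output quoted in the post;
# the SERVER2 entry is a made-up healthy entry added for contrast.
SAMPLE = r"""
Server : \\SERVER1
SyncState : REPLICATION_IN_PROGRESS
ConnectionState : Status = 1745 0x6d1 RPC_S_PROCNUM_OUT_OF_RANGE
Server : \\SERVER2
SyncState : IN_SYNC
ConnectionState : Status = 0 0x0 NERR_Success
The command completed successfully
"""

FIELD = re.compile(r"^\s*(Server|SyncState|ConnectionState)\s*:\s*(.+?)\s*$")
STATUS = re.compile(r"Status\s*=\s*(\d+)\s+0x[0-9a-fA-F]+\s+(\S+)")

def parse_bdc_query(text):
    """Return one dict per BDC found in nltest /BDC_QUERY output."""
    records, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # banner or trailer line
        key, value = m.groups()
        if key == "Server":
            current = {"server": value.lstrip("\\"), "sync_state": None,
                       "status": None, "status_name": None}
            records.append(current)
        elif current is None:
            continue  # field seen before any Server line
        elif key == "SyncState":
            current["sync_state"] = value
        else:
            s = STATUS.search(value)
            if s:
                current["status"] = int(s.group(1))
                current["status_name"] = s.group(2)
    return records

def failing_bdcs(records):
    """BDCs with a non-zero status; an unparsed status (None) also counts."""
    return [r for r in records if r["status"] != 0]

if __name__ == "__main__":
    for r in failing_bdcs(parse_bdc_query(SAMPLE)):
        print(r["server"], r["sync_state"], r["status"], r["status_name"])
```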