I have recently configured two servers to be controllers of my domain.
The first one is the PDC and is configured like :
domain master = yes
prefered master = yes
local master = yes
domain logons = yes
security = user
os level = 99
And the second, the BDC like :
domain master = no
prefered master = no
local master = no
domain logons = yes
security = user
password server = PDC BDC
os level = 40
When the two servers are started, I see in the logs :
DOMAIN(1) current master browser = PDC
BDC 40009a03 (BDC)
PDC 400c9b0b (PDC)
but my clients (windows 2000 and XP) are authenticated by the BDC.
I don't understand why it's working like this !! The PDC becomes the
master if I set the domain logons option to no.
Thanks.
--
Clément DIEBOLD
Service Informatique
LMARC Université de Franche-Comté
24, chemin de l'Epitaphe
25000 Besançon
Tel : 03 81 66 60 53
Fax : 03 81 66 67 00
--
Misty Stanley-Jones
2005-Mar-02 13:54 UTC
[Samba] Samba as PDC and BDC on the same network.
On Wednesday 02 March 2005 08:14 am, Clement DIEBOLD wrote:
>
> And the second, the BDC like :
> domain master = no
> prefered master = no
> local master = no
> domain logons = yes
> security = user

I think this needs to be "security = server" but correct me if I am wrong. On your BDC do testparm and it will show you the role of the server.

Misty
This is the way it should be working. The BDC handles authentication
requests for the domain unless it becomes overloaded at which time the PDC
steps in to take over.
Refer to Chapter 4 section 4.2 of the Official Samba-3 HOWTO and Reference
Guide that explains Domain Control.
Kevin B. McCrory
Network Engineer - COPS
US Government Solutions
13600 EDS Drive
Mail stop: A4S-B21
Herndon, VA 20171
* phone: +01-703-733-3255
* mailto:kevin.mccrory@eds.com
* AKO mailto:kevin.mccrory@us.army.mil
Jean-Jacques Moulis wrote:
>On Mon, 07 Mar 2005 09:57:47 +0000 Clement DIEBOLD <clement.diebold@univ-fcomte.fr> wrote:
>
>CD> >CD> >>>> Then, if I put :
>CD> >CD> >> @echo off
>CD> >CD> >> echo "Script de demarrage"
>CD> >CD> >> net use T: \\PDC\temp /PERSISTENT:NO
>CD> >CD> >>
>CD> >CD> >> Then, if the PDC becomes down, this script wouldn't work and I must
>CD> >CD> >> be there to change the name of the server in the script.
>CD> >CD> >>
>CD> >CD> >> So, what should I do ??
>CD> >CD> >>
>CD> >CD> >> Thanks for the responses.
>CD> >CD> >>
>CD> >CD> > Any idea ??
>CD> >CD> >
>CD> >CD> > Thanks
>CD> >CD>
>CD> >CD> Nobody :(
>CD> >
>CD> > A preexec script on the BDC netlogon share could modify the logon script
>CD> >according to the availability of the PDC.
>CD> >
>CD> >
>CD> Can you give me an example of the preexec script please?
>
>in smb.conf
>......
>[netlogon]
>.....
> browseable = no
> public = no
> root preexec = search_for_life_signs
>....
>
>
>search_for_life_signs:
>
>#! /bin/sh
># Install the fallback logon script only when the PDC does NOT answer.
># -c 1 sends a single probe so that ping returns (Linux/BSD ping syntax).
>if ! ping -c 1 PDC > /dev/null 2>&1 ; then
>cp epitaph_for_the_PDC LOGON.BAT
>fi
>
>
>Even if you are located at a place with such mournful connotation
>I don't think your PDC will expire so often.
>
>This idea of a preexec script is not that good after all.
>Instead of a preexec script you should run a cron job on the BDC that makes the LOGON.BAT
>change when the PDC is unavailable.
>
>You should also have a better check than ping, perhaps something with smbclient.
>The check should also allow for some transient failures of the PDC.
>The change should be one-way, I suppose, you probably want to know where the most
>recent data is.
>
>
>CD> --
>CD> Clément DIEBOLD
>CD> Service Informatique
>CD> LMARC Université de Franche-Comté
>CD> 24, chemin de l'Epitaphe
>CD> 25000 Besançon
>CD> Tel : 03 81 66 60 53
>CD> Fax : 03 81 66 67 00
>
>
OK, but know how to change the
logon home = \\%L\%U
logon path = \\%L\Profiles\%U
in my smb.conf when the PDC is down?

Thanks for your answers.
--
Clément DIEBOLD
Service Informatique
LMARC Université de Franche-Comté
24, chemin de l'Epitaphe
25000 Besançon
Tel : 03 81 66 60 53
Fax : 03 81 66 67 00
--
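
The cron-based check suggested in the quoted reply above (an SMB-level probe instead of ping, tolerance for transient PDC failures, a one-way change), written out as an added example that is not part of the original thread. The netlogon path, the `LOGON.BAT.bdc` file name, the state directory and the failure threshold are assumptions.

```shell
#!/bin/sh
# Added example: cron job for the BDC that swaps the logon script when the PDC
# stays unreachable. Paths, file names and THRESHOLD are assumptions.
PDC_NAME="${PDC_NAME:-PDC}"
NETLOGON="${NETLOGON:-/home/samba/netlogon}"   # assumed [netlogon] path
STATE_DIR="${STATE_DIR:-/var/lib/pdc-watch}"   # assumed state directory
THRESHOLD="${THRESHOLD:-3}"                    # consecutive failures before switching

# SMB-level probe instead of ping: anonymous share listing against the PDC.
pdc_alive() {
    smbclient -N -L "$PDC_NAME" >/dev/null 2>&1
}

# One cron run. Prints the resulting state: ok, degraded, switched, latched or error.
pdc_watch_tick() {
    mkdir -p "$STATE_DIR" || { echo error; return 1; }
    # One-way change: once switched, stay switched until an admin removes the marker.
    if [ -e "$STATE_DIR/switched" ]; then
        echo latched; return 0
    fi
    if pdc_alive; then
        echo 0 > "$STATE_DIR/failures"     # a good probe clears transient failures
        echo ok; return 0
    fi
    fails=$(cat "$STATE_DIR/failures" 2>/dev/null || echo 0)
    fails=$((fails + 1))
    echo "$fails" > "$STATE_DIR/failures"
    if [ "$fails" -lt "$THRESHOLD" ]; then
        echo degraded; return 0
    fi
    # Copy then rename so a client never reads a half-written LOGON.BAT.
    if cp "$NETLOGON/LOGON.BAT.bdc" "$NETLOGON/LOGON.BAT.tmp" &&
       mv "$NETLOGON/LOGON.BAT.tmp" "$NETLOGON/LOGON.BAT"; then
        : > "$STATE_DIR/switched"
        echo switched
    else
        echo error; return 1
    fi
}

# Run from cron as: pdc-watch.sh run
if [ "${1:-}" = "run" ]; then
    pdc_watch_tick
fi
```

`LOGON.BAT.bdc` is the variant of the logon script that maps drives to the BDC. Removing the `switched` marker once the PDC's data has been reconciled re-arms the check.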