Hi,

I have a PDC with OpenLDAP and Samba on two servers, a master (shogun) and a slave (shinobi). Both work correctly and are replicated, and Samba works correctly only when ldapsam is pointed to the same host where it is installed (Samba is on shogun, the master). I mean, with

    passdb backend = ldapsam:ldaps://shogun.ironman.es:636

it works fine, but when I put

    passdb backend = ldapsam:ldaps://shinobi.ironman.es:636

or

    passdb backend = ldapsam:"ldaps://shogun.ironman.es:636 ldaps://shinobi.ironman.es:636"

it works only when shogun is up. I tested shinobi for auth and it works correctly. The certificates are right, because I can authenticate from all machines, and when I start Samba the log doesn't show anything wrong.

My smb.conf:

    [global]
        workgroup = IRONMAN
        netbios name = SHOGUN
        server string = SAMBA-LDAP PDC server
    ;   wins support = no
    ;   wins server = w.x.y.z
        interfaces = eth1
        pam password change = Yes
        dns proxy = no
        log file = /var/log/samba/log.%m
        max log size = 1000
    ;   syslog only = no
        syslog = 0
        panic action = /usr/share/samba/panic-action %d
        name resolve order = lmhosts host wins bcast

    #### AUTHENTICATION ######
        security = user
        encrypt passwords = true
        passdb backend = ldapsam:ldaps://shogun.ironman.es:636
    ;   ldappassword sync =yes
    ;   guest account = guest
    ####; invalid users = root####
        unix password sync = no
        ldap password sync = yes
        passwd program = /usr/local/sbin/bin/smbldap-passwd -o %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
    ;   obey pam restrictions = yes
    ;   pam password change = no

    #####LDAP#####
        ldap admin dn = cn=admin,dc=ironman,dc=es
        ldap ssl = on
        ldap delete dn = no
        ldap suffix = dc=ironman,dc=es
        ldap user suffix = ou=people
        ldap group suffix = ou=groups
        ldap machine suffix = ou=machines

    ########## Printing ##########
    # If you want to automatically load your printer list rather
    # than setting them up individually then you'll need this
        load printers = yes
    # lpr(ng) printing. You may wish to override the location of the
    # printcap file
    ;   printing = bsd
    ;   printcap name = /etc/printcap
    # CUPS printing. See also the cupsaddsmb(8) manpage in the
    # cupsys-client package.
        printing = cups
        printcap name = cups
    # When using [print$], root is implicitly a 'printer admin', but you can
    # also give this right to other users to add drivers and set printer
    # properties
        printer admin = @domainprintoperators

    #######PDC###########3
        os level = 80
        preferred master = yes
        domain master = yes
        local master = yes
        domain logons = yes
    ;   logon path = //SHOGUN/profiles/%u
        logon drive = V:
        logon home = //SHOGUN/%u
        logon script =%u.bat
    ;   domain admin group = @domainadmins
        add user script = /usr/local/sbin/smbldap-useradd -w %u

    ######## File sharing ########
    # Name mangling options
    ;   preserve case = yes
    ;   short preserve case = yes

    ############ Misc ############
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template shell = /bin/bash
        add user script = /usr/local/sbin/smbldap-useradd -w %u

    #======================= Share Definitions ======================
    [homes]
        comment = Home Directories
        browseable = no
        writable = yes
        create mask = 0700
        directory mask = 0700

    [printers]
        comment = All Printers
        browseable = no
        path = /var/spool/samba
        browseable = no
        guest ok = no
        create mask = 0700
        use client driver = no
        printable = yes
        public = yes
        writable = no
        printer admin = root, @domainprintoperators

    [print$]
        comment = Printer Drivers
        path = /var/lib/samba/printers
        browseable = yes
        read only = yes
        guest ok = no
    ;   write list = root, chechu

    [netlogon]
        comment = Network Logon Service
        path = /home/users/netlogon
        writeable = no
        share modes = no
        guest ok = yes
        write list = @domainadmins

    [profiles]
        comment = User's Profiles
        path = /home/users/profiles
        writeable = yes
        browseable = no
        create mask = 0600
        directory mask = 0700
        guest ok = yes

    [peliculas]
        comment = Peliculas
        path = /mnt/media/peliculas
        writable = no
        browseable = yes
        guest ok = no

    [videoclips]
        comment = Videoclips
        path = /mnt/ftp/videoclips
        writable = no
        browseable = yes
        guest ok = no

    [series]
        comment = Series
        path = /mnt/media/series
        writable = no
        browseable = yes
        guest ok = no

    [musica]
        comment = musica
        path = /mnt/media/musica
        writable = no
        browseable = yes
        guest ok = no

    [mldonkey]
        comment = Peliculas
        path = /mldonkey
        writable = no
        browseable = yes
        guest ok = no

    [pelis]
        comment = Peliculas
        path = /pelis
        writable = no
        browseable = yes
        guest ok = no