Allysson Steve Mota Lacerda
2007-Mar-20 19:16 UTC
[Samba] Problem with 02 domains on a single PDC
Hi all.

I have 01 Samba-LDAP Server running 02 domains on separated networks.

----------------
|    SERVER    |
----------------
   |        |
   |        |
 ADMIN     LABI

When I try to join the ADMIN domain, the machine joins the LABI domain. When
I stop the LABI domain, the machine can join the ADMIN domain normally.

Does anyone know how to fix this?

Thanks.

My configuration files are listed below.

DOMAIN 01

[global]
workgroup = LABI
netbios name = FACOMP01
server string = Controlador de Dominio
domain master = yes
preferred master = yes
local master = yes
domain logons = yes
enable privileges = yes
encrypt passwords = yes
ldap passwd sync = yes
passdb backend = ldapsam:ldap://localhost
ldap suffix = dc=LABI,dc=facomp,dc=edu,dc=br
ldap machine suffix = ou=Computadores
ldap user suffix = ou=Usuarios
ldap group suffix = ou=Grupos
ldap admin dn = cn=admin,dc=facomp,dc=edu,dc=br
ldap ssl = no
logon home = \\%L\%U\.profiles
logon path = \\%L\profiles\%U
logon script = netlogon.bat
security = user
os level = 256
interfaces = 172.16.2.254
log level = 3

[netlogon]
comment = Servico de Logon
path = /var/samba/netlogon/labi
guest ok = Yes
browseable = No

[homes]
comment = Diretorio Home
valid users = %S
guest ok = Yes
browseable = No
writeable = Yes

[profiles]
path = /var/samba/profiles/labi
writeable = Yes
browseable = No
create mask = 0600
directory mask = 0700

[arquivos]
path = /var/samba/arquivos/labi
writeable = No
browseable = Yes
create mask = 0600
directory mask = 0700

DOMAIN 02

[global]
workgroup = ADMIN
netbios name = FACOMP01
server string = Controlador de Dominio
domain master = yes
preferred master = yes
local master = yes
domain logons = yes
enable privileges = yes
encrypt passwords = yes
ldap passwd sync = yes
passdb backend = ldapsam:ldap://localhost
ldap suffix = dc=ADMIN,dc=facomp,dc=edu,dc=br
ldap machine suffix = ou=Computadores
ldap user suffix = ou=Usuarios
ldap group suffix = ou=Grupos
ldap admin dn = cn=admin,dc=facomp,dc=edu,dc=br
ldap ssl = no
logon home = \\%L\%U\.profiles
logon path = \\%L\profiles\%U
logon script = netlogon.bat
security = user
os level = 256
interfaces = 172.16.1.254
log level = 3

[netlogon]
comment = Servico de Logon
path = /var/samba/netlogon/admin
guest ok = Yes
browseable = No

[homes]
comment = Diretorio Home
valid users = %S
guest ok = Yes
browseable = No
writeable = Yes

[profiles]
path = /var/samba/profiles/admin
writeable = Yes
browseable = No
create mask = 0600
directory mask = 0700

[arquivos]
path = /var/samba/arquivos/admin
writeable = No
browseable = Yes
create mask = 0600
directory mask = 0700

--
Allysson Steve Mota Lacerda
stevelacerda@stevelacerda.net
stevelacerda.net

Both of your servers have the same netbios name! This is how Windows distinguishes different machines on the network. The weird behaviour is because of this conflict. Change the name of one server and everything may work.

Allysson Steve Mota Lacerda wrote:
> Hi all.
>
> I have 01 Samba-LDAP Server running 02 domains on separated networks.
>
> ----------------
> |    SERVER    |
> ----------------
>    |        |
>    |        |
>  ADMIN     LABI
>
> When I try to join the ADMIN domain, the machine joins the LABI domain. When
> I stop the LABI domain, the machine can join the ADMIN domain normally.
>
> Does anyone know how to fix this?
>
> Thanks.
>
> My configuration files are listed below.
>
> DOMAIN 01
>
> [global]
> workgroup = LABI
> netbios name = FACOMP01
> server string = Controlador de Dominio
> domain master = yes
> preferred master = yes
> local master = yes
> domain logons = yes
> enable privileges = yes
> encrypt passwords = yes
> ldap passwd sync = yes
> passdb backend = ldapsam:ldap://localhost
> ldap suffix = dc=LABI,dc=facomp,dc=edu,dc=br
> ldap machine suffix = ou=Computadores
> ldap user suffix = ou=Usuarios
> ldap group suffix = ou=Grupos
> ldap admin dn = cn=admin,dc=facomp,dc=edu,dc=br
> ldap ssl = no
> logon home = \\%L\%U\.profiles
> logon path = \\%L\profiles\%U
> logon script = netlogon.bat
> security = user
> os level = 256
> interfaces = 172.16.2.254
> log level = 3
>
> [netlogon]
> comment = Servico de Logon
> path = /var/samba/netlogon/labi
> guest ok = Yes
> browseable = No
>
> [homes]
> comment = Diretorio Home
> valid users = %S
> guest ok = Yes
> browseable = No
> writeable = Yes
>
> [profiles]
> path = /var/samba/profiles/labi
> writeable = Yes
> browseable = No
> create mask = 0600
> directory mask = 0700
>
> [arquivos]
> path = /var/samba/arquivos/labi
> writeable = No
> browseable = Yes
> create mask = 0600
> directory mask = 0700
>
> DOMAIN 02
>
> [global]
> workgroup = ADMIN
> netbios name = FACOMP01
> server string = Controlador de Dominio
> domain master = yes
> preferred master = yes
> local master = yes
> domain logons = yes
> enable privileges = yes
> encrypt passwords = yes
> ldap passwd sync = yes
> passdb backend = ldapsam:ldap://localhost
> ldap suffix = dc=ADMIN,dc=facomp,dc=edu,dc=br
> ldap machine suffix = ou=Computadores
> ldap user suffix = ou=Usuarios
> ldap group suffix = ou=Grupos
> ldap admin dn = cn=admin,dc=facomp,dc=edu,dc=br
> ldap ssl = no
> logon home = \\%L\%U\.profiles
> logon path = \\%L\profiles\%U
> logon script = netlogon.bat
> security = user
> os level = 256
> interfaces = 172.16.1.254
> log level = 3
>
> [netlogon]
> comment = Servico de Logon
> path = /var/samba/netlogon/admin
> guest ok = Yes
> browseable = No
>
> [homes]
> comment = Diretorio Home
> valid users = %S
> guest ok = Yes
> browseable = No
> writeable = Yes
>
> [profiles]
> path = /var/samba/profiles/admin
> writeable = Yes
> browseable = No
> create mask = 0600
> directory mask = 0700
>
> [arquivos]
> path = /var/samba/arquivos/admin
> writeable = No
> browseable = Yes
> create mask = 0600
> directory mask = 0700

Did you restart Samba?

Allysson Steve Mota Lacerda wrote:
> Not yet.
>
> I've got the same problem.
>
> --
> Allysson Steve Mota Lacerda
> stevelacerda@stevelacerda.net
> stevelacerda.net

Also, you may have to wait for WINS to detect the change. Sometimes this may require rebooting the machine with the changed name. I don't know where your network is getting its WINS services from, so I can't be more specific.

Did you restart Samba?

Allysson Steve Mota Lacerda wrote:
> Not yet.
>
> I've got the same problem.
>
> --
> Allysson Steve Mota Lacerda
> stevelacerda@stevelacerda.net
> stevelacerda.net

If I understand things, you have one server that you want to serve as a domain controller for two different domains. Each domain is a separate ldap dc within facomp.edu and each has either its own NIC or at least a different IP address on the same NIC. You are running two different copies of Samba at the same time, pointing to a different smb.conf when you start each one.

You may want to look at wiki.samba.org/index.php/Multiple_Server_Instances for an example of how to accomplish this. I haven't tried this myself, but I notice that the wiki assigns different pid and lock directories for each instance. Your configuration doesn't do this. There are also some differences on how it specifies the interfaces that may or may not be important.

Give the wiki a try and good luck.

Allysson Steve Mota Lacerda wrote:
> On 3/20/07, Gary Dale <garydale@torfree.net> wrote:
>
>> Also, you may have to wait for WINS to detect the change.
>> Sometimes this may require rebooting the machine with the changed
>> name. I don't know where your network is getting its WINS services
>> from, so I can't be more specific.
>
> Yes, I've restarted Samba and the machine. Now I can access the server
> by its new netbios name but the problem continues...
>
> --
> Allysson Steve Mota Lacerda
> stevelacerda@stevelacerda.net
> stevelacerda.net

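Added example, not part of the thread and not taken from the Samba wiki: a small Python check that compares the [global] sections of two smb.conf files meant to run as separate Samba instances on one host, covering the duplicate netbios name and the missing per-instance pid and lock directories raised in the replies above. The list of parameters, the `private dir` entry and the `bind interfaces only` check are this example's assumptions about what the instances must keep separate; the sample strings are constructed from the [global] lines posted in the thread.

```python
# Added example: lint two smb.conf [global] sections for settings that two
# Samba instances on one host would otherwise share. Not code from the thread.

# Parameters that must be set, and set differently, for each instance
# (assumed list: the names come from the thread plus "private dir").
PER_INSTANCE = ["netbios name", "interfaces", "pid directory",
                "lock directory", "private dir"]

def norm(name):
    # smb.conf parameter names ignore case and embedded whitespace
    return "".join(name.lower().split())

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def check_instances(conf_a, conf_b):
    """List the settings on which the two instances would collide."""
    a, b = parse_global(conf_a), parse_global(conf_b)
    findings = []
    for name in PER_INSTANCE:
        va, vb = a.get(norm(name)), b.get(norm(name))
        if va is None or vb is None:
            findings.append(f"{name}: unset in at least one config (shared default)")
        elif va == vb or (name == "netbios name" and va.lower() == vb.lower()):
            findings.append(f"{name}: both instances use {va!r}")
    for label, conf in (("A", a), ("B", b)):
        # Without this, smbd does not restrict itself to the listed interfaces.
        if conf.get(norm("bind interfaces only"), "no").lower() not in ("yes", "true", "1"):
            findings.append(f"bind interfaces only: not enabled in config {label}")
    return findings

# Constructed input: the relevant [global] lines from the two posted configs.
LABI = "[global]\nworkgroup = LABI\nnetbios name = FACOMP01\ninterfaces = 172.16.2.254\n"
ADMIN = "[global]\nworkgroup = ADMIN\nnetbios name = FACOMP01\ninterfaces = 172.16.1.254\n"

if __name__ == "__main__":
    for finding in check_instances(LABI, ADMIN):
        print(finding)
```
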
Allysson Steve Mota Lacerda wrote:
> I have 01 Samba-LDAP Server running 02 domains on separated networks.
>
> ----------------
> |    SERVER    |
> ----------------
>    |        |
>    |        |
>  ADMIN     LABI
>
> When I try to join the ADMIN domain, the machine joins the LABI domain. When
> I stop the LABI domain, the machine can join the ADMIN domain normally.
>
> Does anyone know how to fix this?

This is not related to your question; instead it is about your setup. I've seen that you share the same LDAP between two domains, and you share the ou's of users, groups and computers. I'm looking for a similar setup for my work and your experience would be very useful.

How did you make this setup? Have you used the smbldap-tools package? Any pointers would be a great help.

Thanks