I have had a samba PDC up and running for about a month now with no
issues, this weekend I added a BDC and it seems that all my clients are
now logging into the BDC automatically instead of the PDC. I had to
mount the homes from the PDC to the BDC so that users can have access to
their home directories and set the path to the profiles directory on the
BDC to that of the PDC. I also had to copy all my login scripts from the
PDC to the BDC so that they will run when users login. Everything seems
to be working okay now that everything is pointing to the correct
directories, but it seems like things a backward from what they should
be. If I login to the domain, my home directory (mapped to drive U: in
windows XP), now shows up as the Backup Domain Controller, instead of
the PDC. Should the BDC only be used as a failsafe, when the PDC isn't
available? I have included my conf files for both PDC and BDC.
Samba version 3.0.23d-30 with LDAP backend.
PDC smb.conf
[global]
unix charset = LOCALE
workgroup = glastendernet
netbios name = aster
server string = Glastender Domain Controller running %v
interfaces = eth1, lo
bind interfaces only = yes
os level = 255
preferred master = yes
local master = yes
domain master = yes
security = user
time server = yes
username map = /etc/samba/smbusers
wins support = yes
encrypt passwords = yes
pam password change = yes
name resolve order = wins bcast hosts
winbind nested groups = no
passdb backend = ldapsam:"ldap://127.0.0.1 ldap://aspen"
ldap passwd sync = Yes
ldap suffix = dc=glastender,dc=com
ldap admin dn = cn=Manager,dc=glastender,dc=com
ldap ssl = no
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap machine suffix = ou=People
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://127.0.0.1/
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = yes
add user script = /etc/smbldap-tools/smbldap-useradd -m "%u"
#delete user script = /etc/smbldap-tools/smbldap-userdel "%u"
add machine script = /etc/smbldap-tools/smbldap-useradd -w "%u"
add group script = /etc/smbldap-tools/smbldap-groupadd -p "%g"
#delete group script = /etc/smbldap-tools/smbldap-groupdel "%g"
add user to group script = /etc/smbldap-tools/smbldap-groupmod -m
"%u" "%g"
delete user from group script = /etc/smbldap-tools/smbldap-groupmod -x
"%u" "%g"
set primary group script = /etc/smbldap-tools/smbldap-usermod -g "%g"
"%u"
domain logons = yes
log file = /var/log/samba/log.%m
log level = 1
syslog = 0
max log size = 50
#smb ports = 139 445
smb ports = 139
hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0
# User profiles and home directories
logon drive = U:
logon path = \\%L\profiles\%U
logon script = %U.bat
large readwrite = no
read raw = no
write raw = no
printcap name = /etc/printcap
load printers = no
printing template shell = /bin/false
winbind use default domain = no
#=========Shares======[homes]
comment = Home Directories
browseable = no
read only = no
write list = %U
create mask = 0600
directory mask = 0700
force user = %U
[profiles]
comment = Profile Share
path = /var/lib/samba/profiles
writeable = yes
browseable = no
profile acls = yes
[netlogon]
path = /var/lib/samba/netlogon
guest ok = yes
locking = no
BDC smb.conf
[global]
unix charset = LOCALE
workgroup = GLASTENDERNET
socket options = TCP_NODELAY IPTOS_LOWDELAY
server string = Backup Domain Controller
passdb backend = ldapsam:"ldap://127.0.0.1
ldap://aster.glastender.com"
username map = /etc/samba/smbusers
domain master = no
domain logons = yes
os level = 35
log level = 1
syslog = 0
log file = /var/log/samba/%m.log
max log size = 50
smb ports = 139
name resolve order = wins bcast hosts
logon drive = U:
logon path = \\aster\profiles\%U
logon script = %U.bat
wins server = 172.16.24.7
ldap suffix = dc=glastender,dc=com
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,dc=glastender,dc=com
idmap backend = ldap://aster.glastender.com
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind trusted domains only = yes
password server = 172.16.24.7
winbind use default domain = no
veto oplock files = /*.mdb/
utmp = yes
#################SHARES#######################
[homes]
comment = Home Directories
browseable = no
read only = no
write list = %U
create mask = 0600
directory mask = 0700
force user = %U
[profiles]
comment = Profile Share
path = \\aster\profiles
writeable = yes
browseable = no
profile acls = yes
[netlogon]
path = \\aster\netlogon
guest ok = yes
locking = no
--
*Jason Baker
*/IT Coordinator/
*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h---
r+++ y+++
------END GEEK CODE BLOCK------
