I recently set up a backup domain controller using Samba 3.0.23. I have a Samba PDC already running, and all is working fine, but once I added the BDC, now when people log in to their Windows account, their home directory is now being mapped to their home on the BDC (which is empty) instead of the PDC. Conf files from each below:

PDC Samba Conf:
[global]
    unix charset = LOCALE
    workgroup = mydomain
    netbios name = PDC
    server string = Domain Controller running %v
    interfaces = eth1, lo
    bind interfaces only = yes
    os level = 255
    preferred master = yes
    local master = yes
    domain master = yes
    security = user
    time server = yes
    username map = /etc/samba/smbusers
    wins support = yes
    encrypt passwords = yes
    pam password change = yes
    name resolve order = wins bcast hosts
    winbind nested groups = no
    passdb backend = ldapsam:"ldap://127.0.0.1 ldap://BDC"
    ldap passwd sync = Yes
    ldap suffix = dc=mydomain,dc=com
    ldap admin dn = cn=Manager,dc=mydomain,dc=com
    ldap ssl = no
    ldap group suffix = ou=Groups
    ldap user suffix = ou=People
    ldap machine suffix = ou=People
    ldap idmap suffix = ou=Idmap
    idmap backend = ldap:ldap://127.0.0.1/
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    map acl inherit = yes
    add user script = /etc/smbldap-tools/smbldap-useradd -m "%u"
    #delete user script = /etc/smbldap-tools/smbldap-userdel "%u"
    add machine script = /etc/smbldap-tools/smbldap-useradd -w "%u"
    add group script = /etc/smbldap-tools/smbldap-groupadd -p "%g"
    #delete group script = /etc/smbldap-tools/smbldap-groupdel "%g"
    add user to group script = /etc/smbldap-tools/smbldap-groupmod -m "%u" "%g"
    delete user from group script = /etc/smbldap-tools/smbldap-groupmod -x "%u" "%g"
    set primary group script = /etc/smbldap-tools/smbldap-usermod -g "%g" "%u"
    domain logons = yes
    log file = /var/log/samba/log.%m
    log level = 1
    syslog = 0
    max log size = 50
    #smb ports = 139 445
    smb ports = 139
    hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0
    # User profiles and home directories
    logon drive = U:
    logon path = \\%L\profiles\%U
    logon script = %U.bat
    large readwrite = no
    read raw = no
    write raw = no
    printcap name = /etc/printcap
    load printers = no
    printing
    template shell = /bin/false
    winbind use default domain = no

BDC Samba Conf.
[global]
    unix charset = LOCALE
    workgroup = mydomain
    server string = Backup Domain Controller
    security = domain
    username map = /etc/samba/smbusers
    log level = 1
    syslog = 0
    log file = /var/log/samba/%m.log
    max log size = 50
    smb ports = 139
    name resolve order = wins bcast hosts
    wins server = 172.16.24.7
    ldap suffix = dc=mydomain,dc=com
    ldap machine suffix = ou=People
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    ldap admin dn = cn=Manager,dc=mydomain,dc=com
    idmap backend = ldap:ldap://PDC
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind trusted domains only = yes
    password server = 172.16.24.7
    template shell = /bin/false
    domain master = no
    local master = no
    os level = 0
    preferred master = no
    winbind use default domain = no
    veto oplock files = /*.mbd/
    large readwrite = no
    read raw = no
    write raw = no
    printcap name = /etc/printcap
    load printers = no
    printing

--
Jason Baker
IT Coordinator
Glastender Inc.
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h---
r+++ y+++
------END GEEK CODE BLOCK------

I suspect you need to specify the logon home with the actual server name (PDC). Otherwise it defaults to the server you logged onto - in this case your BDC.

Jason Baker wrote:
> I recently set up a backup domain controller using Samba 3.0.23. I
> have a Samba PDC already running, and all is working fine, but once I
> added the BDC, now when people log in to their Windows account, their
> home directory is now being mapped to their home on the BDC (which is
> empty) instead of the PDC.

That makes sense. I will try that and report back.

Jason Baker

Gary Dale wrote:
> I suspect you need to specify the logon home with actual server name
> (PDC). Otherwise it defaults to the server you logged onto - in this
> case your BDC.

Hi Jason,

The problem is here:

    logon path = \\%L\profiles\%U

With the %L it is referring to your local machine, therefore all your accounts in ldap are mapping profiles to local host. When the BDC serves a login it tries to map profile to local host.

You will need to change this to a machine name or, better, export your home and profiles from the pdc to bdc through nfs. So:

    logon path = \\machine.domain.com\profiles\%U

If you choose not to export your profile and home to the bdc, you will need to manually alter login path for all the user accounts that are stored in ldap; use pdbedit or whatever you normally use to manipulate user accounts to achieve this.

Hope this helps.

Cheers,
Adrian Sender

>From: Jason Baker <jbaker@glastender.com>
>To: samba@lists.samba.org
>Subject: [Samba] Backup Domain not working
>Date: Thu, 31 May 2007 08:46:42 -0400
>
>I recently set up a backup domain controller using Samba 3.0.23. I have a
>Samba PDC already running, and all is working fine, but once I added the
>BDC, now when people log in to their Windows account, their home directory
>is now being mapped to their home on the BDC (which is empty) instead of
>the PDC.
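
The behaviour both replies point at, as an added example that is not part of the original thread: a small check that expands `logon home` and `logon path` as each controller would and reports any parameter whose target server changes with the controller handling the logon. The configuration excerpts are constructed from the posted files; the BDC's NetBIOS name `BDC`, the user `jdoe` and the function names are assumptions made for illustration.

```python
# smb.conf(5) built-in defaults, used when a parameter is not set.
DEFAULTS = {"logon home": r"\\%N\%U", "logon path": r"\\%N\%U\profile"}

# Constructed excerpts of the two configurations posted in the thread.
PDC_CONF = r"""
[global]
    netbios name = PDC
    logon path = \\%L\profiles\%U
"""
BDC_CONF = r"""
[global]
    # no logon home / logon path set, so the defaults apply
"""
# Corrected form for both controllers: name the file server explicitly.
FIXED_CONF = r"""
[global]
    logon home = \\PDC\%U
    logon path = \\PDC\profiles\%U
"""

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def resolve(params, name, serving_dc, user):
    """Expand %L, %N and %U for the DC serving the logon (%N equals %L without NIS automount)."""
    value = params.get(name, DEFAULTS[name])
    for var, rep in (("%L", serving_dc), ("%N", serving_dc), ("%U", user)):
        value = value.replace(var, rep)
    return value

def dc_dependent(confs, user="jdoe"):
    """Map each parameter whose UNC target differs between DCs to {dc: target}."""
    findings = {}
    for name in DEFAULTS:
        targets = {dc: resolve(parse_global(t), name, dc, user) for dc, t in confs.items()}
        if len(set(targets.values())) > 1:
            findings[name] = targets
    return findings
```

Run against the posted pair, `dc_dependent({"PDC": PDC_CONF, "BDC": BDC_CONF})` reports both parameters; with `FIXED_CONF` on both controllers it returns an empty dict. Home and profile paths already stored on user entries in LDAP need the same check, which is where the pdbedit step mentioned above comes in.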