Daniel Müller
2008-Sep-18 08:10 UTC
WG: WG: [Samba] Strange!!! Clients only log on to samba bdc
When I stop the BDC all clients log on to the PDC. And to my confusion
when I restarted the BDC today and made a testparm on both PDC and BDC
both showd role domain pdc --> Server role: ROLE_DOMAIN_PDC
Here my smb.confs:
PDC:
[global]
security=user
smb ports = 139
logon script = logon.bat
logon path = \\%L\%U\profile\%U
logon drive = S:
domain logons = Yes
os level = 254
preferred master = Yes
domain master = Yes
wins server = 192.168.135.150 #this is a smbd4wins server
running on the same
machine
BDC:
[global]
security=user
smb ports = 139
logon script = logon.bat
logon path = \\%L\%U\profile\%U
logon drive = S:
domain logons = Yes
os level = 65
preferred master = Yes
domain master = No
wins server = 192.168.135.150
-----Urspr?ngliche Nachricht-----
Von: Michael Heydon [mailto:michaelh@jaswin.com.au]
Gesendet: Donnerstag, 18. September 2008 09:46
An: mueller@tropenklinik.de
Cc: samba@lists.samba.org
Betreff: Re: WG: [Samba] Strange!!! Clients only log on to samba bdc
Daniel M?ller wrote:> Suddenly all clients log on to my BDC not longer to the PDC.
>
What happens if the BDC is unavailable (You could simulate this by
setting up iptables rules to drop all traffic from a given workstation)?
The way I understand it, workstations will use what ever DC is
"closest"
to them. If the PDC is taking longer to respond or something then they
may consider the BDC to be the best choice.
*Michael Heydon - IT Administrator *
michaelh@jaswin.com.au <mailto:michaelh@jaswin.com.au>
Daniel Müller
2008-Sep-24 05:55 UTC
WG: WG: [Samba] Strange!!! Clients only log on to samba bdc
Ist there no one concerning this behaviour?
I did my setup following the man pages.
There must be a serious bug in samba 3.031.
Daniel
-----Urspr?ngliche Nachricht-----
Von: Daniel M?ller [mailto:mueller@tropenklinik.de]
Gesendet: Donnerstag, 18. September 2008 10:11
An: 'samba@lists.samba.org'
Betreff: WG: WG: [Samba] Strange!!! Clients only log on to samba bdc
When I stop the BDC all clients log on to the PDC. And to my confusion
when I restarted the BDC today and made a testparm on both PDC and BDC
both showd role domain pdc --> Server role: ROLE_DOMAIN_PDC
Here my smb.confs:
PDC:
[global]
security=user
smb ports = 139
logon script = logon.bat
logon path = \\%L\%U\profile\%U
logon drive = S:
domain logons = Yes
os level = 254
preferred master = Yes
domain master = Yes
wins server = 192.168.135.150 #this is a smbd4wins server
running on the same
machine
BDC:
[global]
security=user
smb ports = 139
logon script = logon.bat
logon path = \\%L\%U\profile\%U
logon drive = S:
domain logons = Yes
os level = 65
preferred master = Yes
domain master = No
wins server = 192.168.135.150
-----Urspr?ngliche Nachricht-----
Von: Michael Heydon [mailto:michaelh@jaswin.com.au]
Gesendet: Donnerstag, 18. September 2008 09:46
An: mueller@tropenklinik.de
Cc: samba@lists.samba.org
Betreff: Re: WG: [Samba] Strange!!! Clients only log on to samba bdc
Daniel M?ller wrote:> Suddenly all clients log on to my BDC not longer to the PDC.
>
What happens if the BDC is unavailable (You could simulate this by
setting up iptables rules to drop all traffic from a given workstation)?
The way I understand it, workstations will use what ever DC is
"closest"
to them. If the PDC is taking longer to respond or something then they
may consider the BDC to be the best choice.
*Michael Heydon - IT Administrator *
michaelh@jaswin.com.au <mailto:michaelh@jaswin.com.au>
Daniel Müller
2008-Sep-24 08:32 UTC
WG: WG: [Samba] Strange!!! Clients only log on to samba bdc
This is the strange thing I have set on the BDC Security=user Domain logons=yes Domain master= no <--- not yes!!! Os level=190 Preferred master=no And when I do a testparm it results Role Domain PDC???!! -----Urspr?ngliche Nachricht----- Von: Alex Harrington [mailto:alex@longhill.org.uk] Gesendet: Mittwoch, 24. September 2008 09:25 An: mueller@tropenklinik.de; samba@lists.samba.org Betreff: RE: WG: [Samba] Strange!!! Clients only log on to samba bdc> Ist there no one concerning this behaviour? > I did my setup following the man pages. > There must be a serious bug in samba 3.031.As I understand it, clients will prefer logging on to a BDC over a PDC, and then use whichever responds quickest, so certainly all the clients should not be logging in to one box or other - and probably least likely to log on to the PDC of the two options. I know that we see about a 60/40 split logins to BDC/PDC. I don't think you should have domain master = yes set on the BDC. Here's the settings from my BDC [global] netbios name = CORE02 server string = Longhill BDC (%v,%h) workgroup = LONGHILL interfaces = 10.108.1.8/255.255.255.0 name resolve order = host bcast wins os level = 65 domain master = no domain logons = yes local master = no preferred master = no guest ok = yes wins server = 10.108.1.32 Hope that helps Alex
Alex Harrington
2008-Sep-24 08:47 UTC
WG: [Samba] Strange!!! Clients only log on to samba bdc
> This is the strange thing I have set on the BDC > > Security=user > Domain logons=yes > Domain master= no <--- not yes!!! > Os level=190 > Preferred master=no > > And when I do a testparm it results Role Domain PDC???!!Can you post again exactly the global section from both PDC and BDC. Several other settings have changed between your two posts which makes it impossible to know exactly what the situation is! Thanks Alex
Daniel Müller
2008-Sep-24 10:55 UTC
WG: WG: [Samba] Strange!!! Clients only log on to samba bdc
This is the global section of my PDC:
[global]
workgroup = tuepdc.local
netbios name = tuepdc
enable privileges = yes
bind interfaces only=true
interfaces = 192.168.135.143/24 127.0.0.0/8
socket address= 192.168.135.255
profile acls=Yes
hosts allow=127.0.0.1 192.168.133.0/24 192.168.134.0/24 192.168.132.0/24
192.168.135.0/24
hosts deny=0.0.0.0/0
server string = tuepdc.local MasterServer %v
admin users=root, administrator, vollmar
encrypt passwords = Yes
ldap passwd sync = Yes
passwd program = /usr/local/sbin/smbldap-passwd -u %u
##debugging and logging
log level = 0 vfs:[012]
log file=/system/log/%U.%m.log
syslog = 0
max log size = 3000
time server = Yes
read raw=yes
write raw=yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-15
display charset=ISO8859-15
logon script = logon.bat
logon drive = S:
#logon home = \\%L\homes nur fuer winxx me
logon path #logon path = \\%L\%U\profile\%U
security=user
domain logons = Yes
domain master = Yes
browse list=true
os level = 254
preferred master = Yes
wins support = no
#neuer wins server auf der virtuellen ip auf tuepdc eth0:2
wins server=192.168.135.150
#wins proxy=yes
dns proxy=yes
host msdfs=yes
smb ports = 139
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=admin,dc=tuepdc,dc=local
ldap suffix = dc=tuepdc,dc=local
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
add user script = /usr/local/sbin/smbldap-useradd -A 1 -B 1 -m -k /dummy
"%u"
delete user script = /usr/local/sbin/smbldap-userdel -r "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m
"%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
"%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g'
'%u'
idmap uid=15000-20000
idmap gid=15000-20000
ldap ssl=no
#vista compatibility
client lanman auth=no
client ntlmv2 auth=yes
load printers = Yes
create mask = 0640
directory mask = 0750
nt acl support = Yes
map acl inherit= Yes
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
; to maintain capital letters in shortcuts in any of the profile folders:
preserve case = yes
short preserve case = yes
case sensitive = no
And here ist the BDC s: !!!!!!!!!!!!!!!!!!!!!!!!
[global]
workgroup = tuepdc.local
netbios name = tuebdc
enable privileges = yes
interfaces = 192.168.135.144/24 127.0.0.0/8
bind interfaces only=true
profile acls=Yes
hosts allow=127.0.0.1 192.168.133.0/24 192.168.134.0/24 192.168.132.0/24
192.168.135.0/24
hosts deny=0.0.0.0/0
large readwrite=no
max xmit=166644
server string = tuebdc.local BackupServer %v
admin users=root, administrator, vollmar
encrypt passwords = Yes
ldap passwd sync = Yes
passwd program = /usr/local/sbin/smbldap-passwd -u %u
##debugging and logging
log level = 0 vfs:[012]
log file=/system/log/%U.%m.log
syslog = 0
max log size = 3000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-15
display charset=ISO8859-15
logon script = logon.bat
logon drive = S:
#logon home = \\%L\homes nur fuer winxx me
logon path #logon path = \\%L\%U\profile\%U
security=user
#security=domain
domain logons = Yes
domain master = No #mu?? als pdc auf yes gesetzt werden
os level = 190
preferred master =no
wins support = no
wins server=192.168.135.150
dns proxy=yes
host msdfs=yes
smb ports=139
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=admin,dc=tuepdc,dc=local
ldap suffix = dc=tuepdc,dc=local
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
add user script = /usr/local/sbin/smbldap-useradd -A 1 -B 1 -m -k /dummy
"%u"
delete user script = /usr/local/sbin/smbldap-userdel -r "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m
"%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
"%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g'
'%u'
idmap uid=15000-20000
idmap gid=15000-20000
ldap ssl=no
load printers = Yes
create mask = 0640
directory mask = 0750
nt acl support = Yes
map acl inherit= Yes
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
; to maintain capital letters in shortcuts in any of the profile folders:
preserve case = yes
short preserve case = yes
case sensitive = no
And on both machines testparm gave me Role Domain PDC
-----Urspr?ngliche Nachricht-----
Von: Alex Harrington [mailto:alex@longhill.org.uk]
Gesendet: Mittwoch, 24. September 2008 10:42
An: mueller@tropenklinik.de; samba@lists.samba.org
Betreff: RE: WG: [Samba] Strange!!! Clients only log on to samba bdc
> This is the strange thing I have set on the BDC
>
> Security=user
> Domain logons=yes
> Domain master= no <--- not yes!!!
> Os level=190
> Preferred master=no
>
> And when I do a testparm it results Role Domain PDC???!!
Can you post again exactly the global section from both PDC and BDC. Several
other settings have changed between your two posts which makes it impossible to
know exactly what the situation is!
Thanks
Alex