Hi all,

I'm rather new to samba and trying to deploy a PDC/BDC Setup for our company. Got some books and the manpages here to help me :)
The config-files are attached at the end of this mail. Used Samba is 3.2.7-11.6 on a SLES11 system.

The PDC is running as ROLE_DOMAIN_PDC says testparm, the BDC as ROLE_DOMAIN_BDC.
Both DCs use a LDAP (OpenLDAP 2.4.12-7) for user authentication.

The LDAP system is also setup redundant, both sambas are using the primary one. On both samba systems the smb and nmb daemons are running.

Question One: If I use the "nmblookup" TESTRZ command I get a response from the BDC System. Shouldn't the PDC be the one answering?

Question Two: If I connect to a share with my Ubuntu workstation I get a connection without a problem. If I go to a Windows XP machine and open the network, I can see the domain with the PDC and BDC inside. But only the BDC can be accessed. If I try to open the PDC I get an error message about not enough rights to access this resource.

I used old config files from our running samba system and tried to modify them for a PDC/BDC setup. There might be some options in it which are outdated today.

Best regards and thanks a lot for the help,
Florian Götz

smb.conf (PDC)
===================================
[global]
# General Server Settings
# -------------------------------------------------------------
#include = /etc/samba/dhcp.conf
workgroup = TESTRZ
server string = RZ Test Samba 143
interfaces = x.x.x.143/255.255.255.0 127.0.0.1/255.0.0.0
guest account = nobody
netbios name = PDC-TEST
os level = 25
preferred master = Yes
wins support = Yes
preserve case = yes
short preserve case = yes
case sensitive = no
nt acl support = no
deadtime = 10
time server = yes
dont descend = /proc,/dev/etc/lib/lost+found,initrd
Dos charset = 850
Unix charset = UTF8
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain logons = Yes
domain master = Yes

# Logon options
# --------------------------------------------------------------
map to guest = Bad User
logon path = \\%L\profiles
logon home = G:
logon drive = G:
#usershare allow guests = Yes
username map = /etc/samba/smbusers
security = user
encrypt passwords = yes
mangling method = hash2
unix password sync = yes
passwd program = /etc/smbldap-tools/smbldap-passwd -u %u
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new passw$
enable privileges = yes

# LDAP Stuff
#---------------------------------------------------------------------
passdb backend = ldapsam:"ldap://127.0.0.1"
idmap backend = ldap:ldap://127.0.0.1
ldap admin dn = cn=admin,dc=example,dc=de
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = dc=example,dc=de
ldap user suffix = ou=Users
add user script = /etc/smbldap-tools/smbldap-useradd -m "%u"
delete user script = /etc/smbldap-tools/smbldap-userdel "%u"
add machine script = /etc/smbldap-tools/smbldap-useradd -t 0 -w "%u"
add group script = /etc/smbldap-tools/smbldap-groupadd -p "%g"
delete group script = /etc/smbldap-tools/smbldap-groupdel "%g"
add user to group script = /etc/smbldap-tools/smbldap-groupmod -m "%u" "%g"
delete user from group script = /etc/smbldap-tools/smbldap-groupmod -x "%u" "$
set primary group script = /etc/smbldap-tools/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin$

<some shares here>

smb.conf (BDC):
==========================================
same as above, only these columns are different:

domain master = no
netbios name = BDC-TEST

----------------------------------------------------------------------------------------
Dipl.-Inf. (FH) Florian Götz
Rechenzentrum Hochschule Mannheim
Paul-Wittsack-Straße 10
68163 Mannheim
Tel: 0621/292-6569
EMail: f.goetz@hs-mannheim.de
Internet: rz.hs-mannheim.de
-----

On Tue, May 26, 2009 at 6:47 PM, Florian Götz <f.goetz@hs-mannheim.de> wrote:
> Hi all,
>
> I'm rather new to samba and trying to deploy a PDC/BDC Setup for our company.
> Got some books and the manpages here to help me :)
> The config-files are attached at the end of this mail. Used Samba is 3.2.7-11.6
> on a SLES11 system.
>
> The PDC is running as ROLE_DOMAIN_PDC says testparm, the BDC as
> ROLE_DOMAIN_BDC.
> Both DCs use a LDAP (OpenLDAP 2.4.12-7) for user authentication.
>
> The LDAP system is also setup redundant, both sambas are using the primary
> one. On both samba systems the smb and nmb daemons are running.
>
>
> Question One: If I use the "nmblookup" TESTRZ command I get a response from
> the BDC System. Shouldn't the PDC be the one answering?

Are both your DCs WINS servers? I guess there should be only one, the other pointing to the first one with the directive "wins server =". If both servers are on the same subnet, then the "master browser" directives should not conflict with each other. These were my guesses, I may be wrong.

> Question Two: If I connect to a share with my Ubuntu workstation I get a
> connection without a problem. If I go to a Windows XP machine and open the
> network, I can see the domain with the PDC and BDC inside. But only the BDC
> can be accessed. If I try to open the PDC I get an error message about not
> enough rights to access this resource.

More info from log files is needed in this case. I saw you have 127.0.0.1 as your LDAP server in both DCs; it could be a problem with inconsistency between the user databases. Set the BDC to look at the LDAP server on the PDC temporarily to debug.

Liutauras
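
The two points raised in the reply (WINS enabled on both DCs, and both DCs reading a loopback LDAP server) can be checked mechanically. The script below is an added example, not part of either message or of Samba: the function names are hypothetical, the sample configs are constructed from the settings quoted in the thread, and 192.0.2.143 is a placeholder for the PDC's masked address.

```python
import re

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict.
    Samba ignores case and spaces in parameter names, so keys are normalized."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.split()).lower()] = value.strip()
    return params

def is_yes(params, key):
    return params.get(key, "no").lower() in ("yes", "true", "1")

LOOPBACK_LDAP = re.compile(r"ldap://(127\.0\.0\.1|localhost)\b", re.I)

def check_dc_pair(pdc_conf, bdc_conf):
    """Compare two DC configs and return a list of finding identifiers."""
    pdc, bdc = parse_global(pdc_conf), parse_global(bdc_conf)
    findings = []
    # Only one host should run the WINS server; the other uses "wins server =".
    if is_yes(pdc, "winssupport") and is_yes(bdc, "winssupport"):
        findings.append("two-wins-servers")
    # Each DC reading its own local directory hides replication differences.
    if all(LOOPBACK_LDAP.search(c.get("passdbbackend", "")) for c in (pdc, bdc)):
        findings.append("each-dc-uses-local-ldap")
    return findings

# Constructed samples: the PDC settings from the post, the BDC as posted
# (same file, two lines changed), and a BDC adjusted as the reply suggests.
PDC = """[global]
netbios name = PDC-TEST
wins support = Yes
domain master = Yes
passdb backend = ldapsam:"ldap://127.0.0.1"
"""
BDC_AS_POSTED = PDC.replace("PDC-TEST", "BDC-TEST").replace("master = Yes", "master = no")
BDC_DEBUG = """[global]
netbios name = BDC-TEST
wins support = No
wins server = 192.0.2.143
passdb backend = ldapsam:"ldap://192.0.2.143"
"""

if __name__ == "__main__":
    print(check_dc_pair(PDC, BDC_AS_POSTED))
    print(check_dc_pair(PDC, BDC_DEBUG))
```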