search for: pdcs

...#39;t want to "rip-out" anything, so we used the trusts to "bind" the domains together - *need* defined as we needed it working ASAP. Personally, I would prefer to keep them separate just for greater user/group control. But, I can also see that I may not *need* the independent PDCs that trust each other, but maybe a PDC and 2 BDCs. I'm looking hard at the latter just so I do not hit any major hurdles when moving to SAMBA. Thinking along those lines I must pose the question: Will a SAMBA BDC function as an NT BDC in that an NT BDC will cache (i.e. store locally) user/gro...

With a single server, settings "security = server" and "password server = pdc1 pdc2', I can successfully authenticate against two entirely different PDCs depending on which order I put the two machines in the 'password server' list. Is there someway of forcing clients from either domain to authenticate against the 'right' pdc, regardless of the order in the 'password server' config? What is the algo for choosing auth server...

Steven Langasek wrote: > Having one PDC and two BDCs also gives you greater > fault-tolerance than > having three domains with a single PDC each. > > Samba+LDAP can give you this fault tolerance; it can't give you trust > relationships today, without a lot of finagling. > > Steve Langasek > postmodern programmer > Steve: I understand the role of/need for the

...main 2) Doesn't require unix accounts for windows users. --James -----Original Message----- From: Collins, Kevin [mailto:KCollins@nesbittengineering.com] Sent: Thursday, November 07, 2002 1:50 PM To: 'James Lamanna'; Collins, Kevin Subject: RE: [Samba] Problems authentication with NT PDCs in security = server (was security = user) James: My best guess (someone correct me if I'm wrong) is that you'll need to have the Samba machine as a member of the NT/2000 domain before it can authenticate against it. This is a Windows issue - and it's by design. Adding a machine to...

...or adding local user accounts. Kevin > -----Original Message----- > From: James Lamanna [mailto:jamesl@appliedminds.net] > Sent: Thursday, November 07, 2002 4:55 PM > To: 'Collins, Kevin' > Cc: samba@lists.samba.org > Subject: RE: [Samba] Problems authentication with NT PDCs in > security = > server (was security = user) > > > The interesting part is that PAM nor the SMB auth plugin for Apache > requires you to be a member of the domain. > > However, the caveat with pam_smb_auth is that you have to have a unix > account for every windows...

Sorry if this is a FAQ but I have tried searching the web and both samba3 books but I can't find the answer. I would like to use a single LDAP server (openldap) to authenticate multiple Samba3 PDCs serving different domains to authenticate Windows XP clients. Ideally I would like an XP client to appear in both domains and the user to get different profiles depending on which domain they logon to. Is this possible and how do I treat SIDs etc? We have Samba3/LDAP working with a single PDC/dom...

Greetings! I have the following configuration: Two PDCs (Samba 3.0.21b) with Fedora Core 4: PDC1 and PDC2. PDC1 trusts PDC2, respectively PDC2 is trusted to PDC1. I join an XP workstation to PDC2. After restart i can see both domains in the login screen domain combo box. I can logon to PDC2 , but not to PDC1, since...

...Thanks, Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc. > -----Original Message----- > From: James Lamanna [mailto:jamesl@appliedminds.net] > Sent: Thursday, November 07, 2002 2:16 PM > To: samba@lists.samba.org > Subject: [Samba] Problems authentication with NT PDCs in security = > server (was sercurity = user) > > > I wanted to avoid having to create a machine account on the PDC and > having UNIX accounts for everyone. > > > > Try: > > > security = domain > > password server = network name of dc > > encrypt...

Hello, I have a rather experimental question to ask. I know that under standard circumstances, that you cannot have multiple PDC for a single domain, as they will conflict with each other. I am dealing with a case of a school district, where there are multiple buildings.There are T-1s that tie together each of the buildings, then a bonded T-1 grants access to the internet through the main admin

...rowsers' http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html#id2564901 > Configuring a Samba box as a domain controller for a domain that already by definition has > a PDC is asking for trouble. I understand that probably the problem gets fixed by the fact that all PDCs will use the same backend (LDAP), but I want to be sure that I don't have problems in the network nor broadcasts storms. If the problem is related to the Master Browser election can I solve it simply configuring different values for os level en each server? Please, if I don't explain well...

Hi all, Unfortunately, due to the fact that Samba can't yet handle domain trust relationships with other NT domains, I'm forced to use an NT PDC for now. However, since I've recently moved my entire user base over to Unix accounts for e-mail purposes, I'd really rather not have to deal with creating new accounts for them all. Does anyone know if it is possible to have NT

Hi all, I got a new assignment today. My task is to install LDAP instead of NIS in our network, consisting of Solaris, Linux and W2k. Our actual setup is like this: Accounts are kept on a Solaris-server and served with samba and NFS. Two PCs serve as PDCs, running NOT samba on unix but a real W2k. Special MS-PAM-modules on the Solaris-server are used to synchronise accounts and passwords with those PDCs. This is not a nice setup and I would like to get rid of it. When moving from NIS to LDAP I could keep this setup by swapping NIS with LDAP and kee...

Hi @ll, as i had setup a vpn ( openvpn ) and have wins browse working nice between the 2 subnets i wanted to setup a interdomain trust. I did smbpasswd -a -i ... the trustaccount was created. but net rpc trustdom establish robowarp results in [2004/02/04 02:58:09, 0] utils/net_rpc.c:rpc_trustdom_establish(1789) Couldn't find domain controller for domain ROBOWARP for sure i checked all

Hello Here is my potential problem: my company (HQ) has 3 branches in three different cities. Each branch have its own domain (PDC), each domain have different SID value but users are authorized in one LDAP directory. Nowadays we have four trees in our LDAP. It's really hard to maintain about 600 users at all. Some of them have entries in all trees, etc.... Question is: is it possible

Hello I makeing a Domain Controller with Samba (v3.0.33) and LDAP (v2.4). I will install a PDC in the headquarter and a BDC in the subsidiary of the company that I work. The PDC and the BDC will have his own LDAP data base. I just install the PDC without problems and my next step is to install the BDC. I configured the LDAP that work in multi master mode. I made some test and the LDAP works

Hi Igor, Once again, thanks for keeping up with me. I have been migrating my master ldap server to 2.1 version so to keep it the same with the PDCs version of LDAP. Now they are the same. I have rectified such that "wbinfo -u" on both sides worked now. I am made "net rpc trustdom list" worked. It was not working before. I had to put "stuadmin = root" in the student PDC's smbusers file. And I had to p...

Hi there, I have a really ugly problem, which, as I know is partially selfmade. But to the problem: I have five servers running samba-2.2.3a-12 (latest Debian Woody release) which are controlled by one master server. All of the five servers act as pdc for an own nt-domain. Now to keep the administrative work as low as possible I have this one master server. Via this server we/our customer

Like many, I administer multiple LANs connected together using NT trust relationships. This was implemented about 4 years ago. I now have the occasion to consider performing this same task again, but this time, I would like to implement it solely through samba - no Microsoft PDCs anywhere. I have read documentation on samba.org regarding NT-style trust relationships and am now wondering, can I do what I want to? I already have successfully implemented 2 samba servers, but they are not PDCs. They merely act as file servers. I seem to remember, and it appears to be true (...

...office Network A: 172.16.1.0/24 Domain A: home gate.office and gate.home are the respective networks' NAT gateways connecting to the internet over ADSL lines. The private IP spaces are connected to each other via an ipsec tunnel between those two gateway boxes. pdc.office and pdc.home are the PDCs and WINS servers for domains office and home respectively (in the case of home the same box as the gateway). In reality they are not called pdc.*, so there are no name clashes in the entire WAN even if removing the domain names. Normal IP services work fine and SMB networking accross the tunnel wo...

...SMBDOM so that users on NTDOM joined PC's can connect and login to both networks, but those connected to SMBDOM can only login to SMBDOM domain, not both domains as NTDOM connected PC's can do. The problem itself (if you can call it a problem) is this : I have a selection of users on both PDCs. The user I am testing with this is called 'keith', he exists on both PDCs but has different passwords. Is a Domain User on both PDCs, has permissions to both his profile share and home-directory share on both PDCs. On the UNIX side, he is a member of UNIX group 'users' which maps...