Mikko Kortelainen wrote: > > >> We have Samba (2.2.5) running on three servers, each in a different > >> subnet. One of them is a PDC (domain master = yes). The Samba PDC is > > >> also the NIS master. The smbpasswd is replicated using rsync to the > >> other machines that act as Samba BDCs (domain master = no). They are > >> also NIS slave servers. The smbpasswd synchronization takes place > >> automatically every time smbpasswd is updated, and the NIS maps are > >> updated and pushed automatically to the slaves whenever a machine > >> joins the domain. > > >> Anybody have any ideas or suggestions? Where should I start > debugging? > > > Check that the domain SID is the same. Sync secrets.tdb, or use the > > new smbpasswd option (2.2.6) to 'suck' the SID from PDC to each BDC. > > I understood that you can't just copy the secrets.tdb to the BDCs, > because it contains some host specific information. I've ran "smbpasswd > -S <domain>" on both BDCs before starting smbd on them (It seems that if > you start smbd on the local host with option "workgroup = <the domain, > the sid of which you're trying to retrieve>" in smb.conf, and run > smbpasswd -S after that, it will retrieve the sid from the local smbd. > At least in my configuration where the PDC is in a different subnet...?)
certainly in HEAD's varient of this command, you can specify the host - try the -r option. > Anyhow, I checked the secrets.tdb databases, and the 48 bytes following > the string "SECRETS/SID/<domain>" match on every host (and more, there's > a lot of zeroes). I'm not sure it that's the right place to look? Is > there a way of printing out the domain SID in cleartext? tdbtool can help there. > Plus, shouldn't the other OSes complain also, if my domain SIDs were > wrong? But it's just the NT4. What does it do differently than W2k and > WXP...? Hmm, that's werid - it should affect any host that contacts the 'wrong' DC. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
