Dear vandal By setting *os level* higher i think we can give preference to one server.
Thanks On Tue, Nov 17, 2009 at 4:18 AM, Gaiseric Vandal <[email protected]>wrote: > There was an incorrect entry in smb.conf on BDC1 which mean it was not > registering in WINS as a bdc. According to the Samba How To documentation, > all other things being equal, Windows clients will use a bdc rather than a > pdc. > > Now when I logon, I may get any of the three domain controllers. When I > get BDC1 (Samba 3.0.37) I don't seem have problems. > > > > > So my following problems remain: > Can I adjust some variable so that one DC is more likely to be used by > windows clients than another? > Why does Samba 3.4.3 not seem to handle domain groups as members of > local groups? > > > If I connect from XP Pro client GATES > > [2009/11/16 17:34:46, 3] auth/auth.c:222(check_ntlm_password) > check_ntlm_password: Checking password for unmapped user []...@[gates] > with t > he new password interface > [2009/11/16 17:34:46, 3] auth/auth.c:225(check_ntlm_password) > check_ntlm_password: mapped user is: [domain]...@[gates] > ... > > > It also looks like I may not get the same logon server each time I logon- > so I guess my PC could have authenticated against one DC, and I could > authenticate against another. > > > Thanks > > > > > On 11/13/09 19:04, Gaiseric Vandal wrote: > >> Setting "announce version = 4.5" in smb.conf on BDC2 did not change >> anything. (The other samba domain still use 4.9 as the default version.) >> Windows clients will still connect to BDC2 (if it is running.) On each >> DC, net getdomainsid and getlocalsid show that the local sid on each >> machine is the domain sid. >> >> >> BDC2# net getdomainsid >> SID for local machine BDC2 is: S-1-5-21-xxx-xxx-x99 >> SID for domain DOMAIN is: S-1-5-21-xxx-xxx-x99 >> >> BDC2# net getlocalsid >> SID for domain BDC is-xxx-xxx-x99 >> BDC2# >> >> >> Pdbedit -Lv, wbinfo -u and wbinfo -g all seem to give the same results >> >> Also >> >> BDC# wbinfo -t >> checking the trust secret via RPC calls succeeded >> >> >> Thanks >> >> -----Original Message----- >> From: Gaiseric Vandal [mailto:[email protected]] >> Sent: Friday, November 13, 2009 12:48 PM >> To: [email protected] >> Subject: DC priority, BDC prob with domain groups >> >> I have the following setup: >> PDC: Samba 3.0.37 on Solaris 10 >> BDC1: Samba 3.0.37 on Solaris 10 >> BDC2: Samba 3.4.3 on Solaris 10 >> >> >> Samba 3.0.37 is the bundled version of Samba. >> Samba 3.4.3 is compiled from source. >> >> BDC2 is a recent addition to the network. >> All machine use LDAP as the backend for everything. They use winbind to >> handle a domain trust with another domain, but otherwise isn't needed. >> >> If I start samba on BDC2 and logon to an XP (or Win 2003) Machine, the >> logon will be to BDC2. This can be verified with echo >> %logonserver%. Rebooting the XP machine is probably not necessary to >> see this. >> >> If I login as the domain administrator, I am effectively not considered >> a member of the local administrator group. If I look at the local >> Administrator group I will see the DOMAIN/Administrators as members. >> But I am unable to install software, see all local files, add users to >> local groups etc. >> >> >> "OS level" on all three DC's was not explictly set, so was 20 by >> default. I changed BDC2 to "os level=0" and set the PDC to "os >> level=33." I did not restart samba on PDC. It seems to be a browsing >> issue. >> >> I still logon to BDC2. >> >> So I have two issues: >> >> 1- How to make sure that the PDC (or PDC and BDC1) use used in >> preference to BDC2. I assume that something about BDC2 having a newer >> ver of samba is getting it priority. >> >> >> 2. What is wrong with the domain members in local users group. This >> may be a BDC config in general issue (and I just never found it because >> BDC1 never took precendence over PDC) or it may be something to do with >> Samba 3.4.x vs 3.0.x. >> >> >> >> >> Thanks >> >> >> >> >> >> > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
