Pavan,
Assuming you can id username; pdbedit -Lv username, slapcat, getent passwd,
gentent group etc on the BDC then we can assume that all information is been
replicated and ldap is working.
There is a command used to query what domain controllers are on your
network, nmblookup. I have not used this in a while and cannot remember the
exact command; but because you have a pdc & bdc they register the same
netbios name under 1b & 1c. I'll try to find this out as its very usefull;
from it you can tell how many domain controllers are on a network.
Also remember that you cannot join a machine to a domain when the pdc is
down; you can however login.
Here is my working bdc smb.conf without the shares; it is a copy of the one
from Samba 3 by example.
(Chapter 6)
--------------------------------------------------------------------
[global]
unix charset = LOCALE
workgroup = DDESIGN
netbios name = node2
passdb backend = ldapsam:ldap://127.0.0.1
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139
name resolve order = wins bcast hosts
printcap name = CUPS
show add printer wizard = No
logon script = %U.bat
logon path = \\%L\profiles\%U
logon drive = H:
domain logons = Yes
os level = 63
domain master = No
wins server = 192.168.0.2
ldap suffix = dc=ddesign,dc=com
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
#ldap admin dn = cn=sambaadmin,dc=ddesign,dc=com
ldap admin dn = cn=Manager,dc=ddesign,dc=com
utmp = Yes
idmap backend = ldap://192.168.0.2
idmap uid = 10000-20000
idmap gid = 10000-20000
printing = cups
-----------------------------------------------------
I have idmap backend pointing to the pdc.
Regards,
Adrian Sender.
From: Pavan krishna <[EMAIL PROTECTED]>
To: adrian sender <[EMAIL PROTECTED]>
CC: [email protected]
Subject: Re: [Samba] Promoting Samba BDC to PDC
Date: Fri, 18 Nov 2005 09:49:39 +1100
Hi Adrian,
Thank you for your reply. Yeah i have done what you have described
already, but the problem is that my client machine is not able to detect
the BDC, though my testparm on the BDC shows me no errors. And yes the LDAP
administrative password is stored in secrets.tdb else i cannot join my
client machine to the domain and cannot even make changes to the ldapsam
database with the admindn user.
Do you think i need to add something else on the Samba BDC file, following
are my configuration settings for the BDC using the replicated ldapsam
database.
[global]
workgroup = testdom
interfaces = 127.0.0.1/255.255.255.0 192.168.9.238
printing = cups
printcap name = cups
printer admin = @ntadmin, root, administrator
map to guest = Bad User
security = user
encrypt passwords = yes
allow trusted domains = yes
server string = Samba Server
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody
-s /bin/false %m$
domain master = no
admin users = root
hosts allow=192.168.9. 255.255.255. localhost
remote announce=192.168.9.255
domain logons = yes
preferred master=no
enhanced browsing=yes
local master = yes
unix password sync = no
passwd program = /bin/passwd %u
ldap passwd sync = yes
ldap delete dn = no
pam password change = yes
preferred master = yes
os level = 65
ldap suffix = dc=dart,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Group
passdb backend = ldapsam:ldap://localhost
netbios name = dartlinux
username map = /etc/samba/smbusers
logon home = \\%L\%U\.profile
logon drive = H:
logon path = \\%L\profiles\%U
logon script = netlogon.bat
wins support = yes
log file = /var/log/samba/log.%m
log level = 5
ldap admin dn = uid=root,ou=People,dc=dart,dc=com
idmap backend = ldap:ldap://localhost
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
thanks,
pavan.
adrian sender wrote:
Hello Pavan
Firstly have you been following the samba guide - Samba 3 by example by
John Terpstra.
Chapter 5.
You must now set the LDAP administrative password into the Samba-3
secrets.tdb file by executing this command:
root# smbpasswd -w not24get
Setting stored password for "cn=Manager,dc=abmas,dc=biz" in secrets.tdb
Now you must obtain the domain SID from the PDC and store it into the
secrets.tdb file also. This step is not necessary with an LDAP passdb
backend because Samba-3 obtains the domain SID from the sambaDomain object
it automatically stores in the LDAP backend. It does not hurt to add the
SID to the secrets.tdb, and if you wish to do so, this command can achieve
that:
root# net rpc getsid MEGANET2
Storing SID S-1-5-21-3504140859-1010554828-2431957765 \
for Domain MEGANET2 in secrets.tdb
Regards,
Adrian Sender.
-------------------------------------------------------------------------------
Hi All,
Has any one got an idea of how to make clients automatically find
the BDC when the PDC is stopped. Both PDC and BDC are running by Samba
authenticating again a LDAPSAM backend replicated on both the PDC with
master LDAP database and BDC with replicated LDAP database. But when I
stop PDC the clients are not detecting the BDC broadcast. I can see that
the replication is of the OpenLDAP data is perfect.
Any idea of where i may be wrong??
thankx in advance.
pavan.
---------------------------------------------------------------------------
--
Pavan Krishna L
Systems Administrator
Diversity Arrays Technology Pty Ltd
Ph: +61 2 6281 8512
Fax: +61 2 6281 8533
Mob: +61 423 411 281
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
