LinuxQuestions.org
11-30-2006, 03:14 PM   #1
customseven
Samba 3.0.22 Local Profiles Inconsistent with BDC


Hello,

This is my first post, apologies for any potential logic gaps.

I've recently deployed a Samba 3.0.22 BDC with LDAP. Our current PDC is running Samba 3.0.23d Tdbsam. (My future goal is to move to a completely LDAP system; this is an intermediate step.)

We don't use roaming profiles.

The problem is: When a user logs on through the BDC instead of the PDC, they get a new local profile instead of the original local profile they've been using for a while now. If the user authenticates via the PDC, they are logged on with their original profile. How do I get it so that the user gets the same profile regardless of logging onto the BDC or PDC?

It appears that re-joining the client to the domain solves this issue, but I don't have the time to go through the 300+ machines by myself.

I suspect the problem might be a flawed migration between the PDC and BDC. My migration simply takes all the information given by 'pdbedit -Lv' and for each entry adds a new user by smbldap-useradd on the BDC machine. I've also hacked the smbldap-useradd script to allow me to copy over the NT and LM password hashes so users can log on to the BDC without having to rejoin the domain. I was also careful to preserve logon scripts, profile paths, but SID's are different for users.

Any ideas what the problem might be? How does the client XP machine even know it's logged onto a different server?

I've attached the smb.conf and smbldap.conf for the BDC below.

Thanks in advance!
Jack C Yu
A Hungry Undergrad of UCB

---------------------------------------
BDC smb.conf:

[global]
unix charset = ISO8859-1
workgroup = CNR-DOM2
server string = G42-6 Samba PDC (with LDAP) [Gentoo Linux - Samba %v]
interfaces = eth0
bind interfaces only = Yes
passdb backend = ldapsam:ldap://localhost
enable privileges = Yes
log level = 2
log file = /var/log/samba/log.%m
max log size = 50
name resolve order = wins host lmhosts
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /etc/samba/scripts/addMachine.sh u a -m "%u"
delete user script = /etc/samba/scripts/addMachine.sh u d "%u"
add group script = /etc/samba/scripts/addMachine.sh g a -p "%g"
delete group script = /etc/samba/scripts/addMachine.sh g d "%g"
add user to group script = /etc/samba/scripts/addMachine.sh g m -m "%u" "%g"
delete user from group script = /etc/samba/scripts/addMachine.sh g m -x "%u" "%g"
set primary group script = /etc/samba/scripts/addMachine.sh u m -g "%g" "%u"
add machine script = /etc/samba/scripts/addMachine.sh u a -w "%u"
logon path =
logon home =
domain logons = Yes
os level = 65
preferred master = No
domain master = No
dns proxy = No
wins server = 128.32.253.219
ldap admin dn = cn=samba,ou=DSA,dc=cnr,dc=berkeley,dc=edu
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap suffix = dc=cnr,dc=berkeley,dc=edu
ldap ssl = start tls
ldap timeout = 30
ldap user suffix = ou=People
passdb expand explicit = No
idmap backend = ldap://localhost
idmap uid = 10000-30000
idmap gid = 10000-30000
hosts allow = 128.32.175.0/255.255.255.0, 128.32.251.0/255.255.255.0, 128.32.253.192/255.255.255.192, 128.32.179.0/255.255.255.0, 128.32.113.0/255.255.255.128, 128.32.76.0/255.255.255.224, 128.32.85.0/255.255.255.0, 128.32.27.0/255.255.255.0, 128.32.222.128/255.255.255.128, 128.32.127.0/255.255.255.0, 128.32.88.0/255.255.255.0, 128.32.128.0/255.255.255.0, 128.32.236.0/255.255.255.0, 128.32.140.0/255.255.255.128, 128.32.129.192/255.255.255.192, 128.32.110.0/255.255.255.0, 199.133.139.0/255.255.255.0, 136.152.0.0/255.255.0.0, 128.48.164.0/255.255.255.0, 128.32.218.128/255.255.255.128, 128.32.8.0/255.255.255.0, 169.229.13.0/255.255.255.192, 169.229.61.0/255.255.255.128, 169.229.159.0/255.255.255.192, 169.229.136.192/255.255.255.192, 169.229.197.128/255.255.255.192, 128.32.188.0/255.255.255.128, 128.32.54.64/255.255.255.192, 127.0.0.0/255.255.0.0
hide unreadable = Yes

[netlogon]
path = /var/lib/samba/netlogon
browseable = No


--------------------------------------------------------
BDC smbldap.conf

SID="S-1-5-21-1668661-2091613485-1446904402"
sambaDomain="CNR-DOM2"
slaveLDAP="128.32.175.76"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="1"
verify="require"
cafile="/etc/openldap/ssl/certs/ca.pem"
clientcert="/etc/openldap/ssl/certs/smb-ldap.pem"
clientkey="/etc/openldap/ssl/keys/smb-ldap.key"
suffix="dc=cnr,dc=berkeley,dc=edu"
usersdn="ou=People,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=CNR-DOM2,${suffix}"
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format=""
userLoginShell="/bin/false"
userHome=""
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="3650"
userSmbHome=""
userProfile=""
userHomeDrive=""
userScript=""
mailDomain=""
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
 
12-01-2006, 02:15 AM   #2
eendoe
suggestion

Both servers need identical

profile path = ......

directives (pointing to the same resource, not the same path on different systems).


Good Luck
 
12-01-2006, 02:52 PM   #3
customseven
Thanks eendoe,

Wouldn't specifying a profile path = ... directive to some shared resource be implementing roaming profiles? Or is there no way to avoid roaming profiles when one wants to have a BDC and PDC together?
 
12-01-2006, 03:14 PM   #4
eendoe
misread question

Sorry, I misread your question; I thought that you wanted identical roaming profiles from both DCs.

Have a look in Documents and Settings on your Windows hosts.

1. You will most likely see profile names starting with different servers/NetBIOS domains. This will give you an indication of what is happening.

2. I'm not sure if you can override these with a client path?
profile path = C:\Document and Settings\%U (probably won't work).

3. I suspect the root of your issues is caused by this:

"but SID's are different for users"

Try implementing a fully centralised user authentication (point your PDC to the LDAP database)



Good luck
 
12-18-2006, 03:18 PM   #5
customseven
Ok, problem fixed =]

Turns out I was running two different versions of Samba on the servers. Updated both servers to run Samba 3.0.23d and all works well.

Also, I made sure that I had the same SID's for all users on both machines.

I made a note that it is much easier to use pdbedit -e tdbsam:filename from the source machine and then do pdbedit -i tdbsam:filename on the machine I'm migrating to.

Thanks again eendoe,
Jack
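
Added example, not part of the thread: the fix reported above depends on every account having the same SID on both domain controllers. This shell function compares two saved `pdbedit -Lv` dumps and lists the accounts whose SID differs or that exist on only one side; the function name, file names and sample SIDs are constructed for illustration.

```shell
# Added example: compare per-account SIDs in two saved `pdbedit -Lv` dumps,
# e.g. `pdbedit -Lv > pdc.txt` on the PDC and `pdbedit -Lv > bdc.txt` on the BDC.
# Prints tab-separated: account, reason, pdc_sid, bdc_sid. reason is "domain"
# (domain part differs), "rid" (only the RID differs) or "missing" (shown as "-").
sid_mismatches() {
    awk -F': *' '
        { sub(/[ \t\r]+$/, "") }                 # trim trailing whitespace
        /^Unix username:/ { user = $2 }
        /^User SID:/ {
            if (FILENAME == ARGV[1]) pdc[user] = $2; else bdc[user] = $2
            seen[user] = 1
        }
        END {
            for (u in seen) {
                p = (u in pdc) ? pdc[u] : "-"
                b = (u in bdc) ? bdc[u] : "-"
                if (p == b) continue
                pd = p; sub(/-[0-9]+$/, "", pd)  # SID without its trailing RID
                bd = b; sub(/-[0-9]+$/, "", bd)
                why = (p == "-" || b == "-") ? "missing" : (pd != bd ? "domain" : "rid")
                printf "%s\t%s\t%s\t%s\n", u, why, p, b
            }
        }
    ' "$1" "$2" | sort
}
# Constructed sample dumps (made-up SIDs), cut down to the two fields read above.
demo() {
    d=$(mktemp -d)
    cat > "$d/pdc.txt" <<'EOF'
Unix username:        alice
User SID:             S-1-5-21-1111-2222-3333-3000
Unix username:        bob
User SID:             S-1-5-21-1111-2222-3333-3002
Unix username:        carol
User SID:             S-1-5-21-1111-2222-3333-3004
EOF
    cat > "$d/bdc.txt" <<'EOF'
Unix username:        alice
User SID:             S-1-5-21-1111-2222-3333-3000
Unix username:        bob
User SID:             S-1-5-21-1111-2222-3333-3010
Unix username:        carol
User SID:             S-1-5-21-9999-8888-7777-3004
Unix username:        dave
User SID:             S-1-5-21-1111-2222-3333-3012
EOF
    sid_mismatches "$d/pdc.txt" "$d/bdc.txt"; rm -rf "$d"
}
demo
```

An empty result means the two account databases agree on every SID; a "domain" row indicates the two servers are issuing SIDs under different domain SIDs rather than a per-user discrepancy.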
 
12-19-2006, 04:43 AM   #6
eendoe
You deserve all the kudos here my friend. Bliss.
 
  

