We have working Samba 3.0.4 PDC LDAP backend installation with multiple
domains, domain trusts, cross subnet browsing, and cross domain browsing
utilizing a single Samba wins server.  Everything functions as it should,
and all domains are visible in the Network Neighborhood.

Due to the lack of WINS replication with Samba and the nature of the
environment were are deploying samba into, it was decided to use
replicating W2K WINS servers along side Samba.   When the switch to W2K
WINS servers was made in the test environment, we discovered that the
domain records are no longer listed in the browse.dat file of the Samba
PDCs.  As a result, cross domain browsing broke.

Here is the browse.dat with single Samba WINS:
"DOM1"                 c0001000 "DOM1-PDC"                 "DOM1"
"DOM1-PDC"             400d9b2b ""                         "DOM1"
"PC-TEST"              40011003 ""                         "DOM1"
"PC-FILESV1"           40029003 ""                         "DOM1"
"LT-TEST1"             40011003 ""                         "DOM1"
"DOM2"                 80001000 "DOM2-PDC"                 "DOM2"
"DOM3"                 80001000 "DOM3-PDC"                 "DOM3"
"DOM4"                 80001000 "DOM4-PDC"                 "DOM4"

Each PDC's browse.dat looks similar.

Here is the Samba PDC browse.dat with W2K WINS:
"DOM1"                 c0001000 "DOM1-PDC"                 "DOM1"
"DOM1-PDC"             400d9b2b ""                         "DOM1"
"PC-TEST"              40011003 ""                         "DOM1"
"PC-FILESV1"           40029003 ""                         "DOM1"
"LT-TEST1"             40011003 ""                         "DOM1"

I have confirmed that all the appropriate records are listed in the WINS
server.  We have also attempted to list the domain records in the lmhost
file, turn off enchanced browsing, and have upped the log level to
checking for errors all with no success.  Any suggestions would be

smb.conf file of PDC:
# Global parameters
        unix charset = LOCALE
        netbios name = DOM1-PDC
        workgroup = DOM1
        server string =
        interfaces = eth0, lo
        bind interfaces only = Yes
        passdb backend = ldapsam:ldap://dom1-pdc.sub.domain.com
        log level = 3
        syslog = 0
        log file = /var/log/samba/%m.log
        max log size = 50
        smb ports = 139 445
        name resolve order = lmhosts wins hosts
        time server = Yes
        show add printer wizard = No
        add user script = /usr/local/sbin/smbldap-useradd -m "%u"
        delete user script = /usr/local/sbin/smbldap-userdel "%u"
        add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
        add user to group script = /usr/local/sbin/smbldap-groupmod -m
"%u" "%g"
        delete user from group script = /usr/local/sbin/smbldap-groupmod
-x "%u" "%g"
        set primary group script = /usr/local/sbin/smbldap-usermod -g "%g"
        add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
        logon path =
        logon home =
        domain logons = Yes
        os level = 99
        preferred master = Yes
        domain master = Yes
        wins server =
        ldap suffix = dc=sub,dc=domain,dc=com
        ldap machine suffix = ou=Computers
        ldap user suffix = ou=People
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=IDmap
        ldap admin dn = "cn=smb-admin,dc=sub,dc=domain,dc=com"
        idmap backend = ldap:ldap://dom1-pdc.sub.domain.com
        idmap uid = 40000-50000
        idmap gid = 40000-50000
        winbind separator = -
        winbind enable local accounts = No
        winbind enum users = No
        winbind enum groups = No
        map acl inherit = Yes

        comment = Network Logon Service
        path = /home/netlogon
        guest ok = Yes
        locking = No

To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Reply via email to