Greetings, I have a Suse 9.3 server running 3.0.9 as a PDC, using OpenLDAP as the passdb and idmap backend. I also have a 3.0.9 server set up as an OpenLDAP slave, but it only serves files. I decided that I'd like to set this other server up to service logins as well. When I add the "domain logons = yes" in this server's smb.conf file, I get some rather strange behavior.
Many users experience no problems whatsoever and logons are a little speedier (to be expected). Other users, on the other hand, are able to log in, but after their profile has loaded, they are informed that a domain controller could not be contacted and changes to their profile will not be saved. Note that this occurs AFTER the profiles has loaded - the user is at the desktop, with all their icons when a modal dialog box gives them this error. Even stranger, the %logonserver% environment variable is set to the PDC! When I set "domain logons = no" on the BDC, everything behaves properly. Every user has the sambaProfilePath explicitly set in the LDAP directory. Also logon home and logon path are set the same on both PDC and BDC. 'pdbedit -v' outputs the exact same information whether run on PDC or BDC. I can't understand why some users have this experience and some do not. I do not, however, have a profiles share set up on the BDC. In reading the "By Example" book, it does not explicitly state that I must have it set, however the "500 user office" BDC does have a profiles share. I'm wondering if BDCs need a profiles share, even if it only shares an NFS export from the PDC. Is that the case? I have one other possibility. Since the BDC was not alwasy a BDC, it had its own SID for most of its life. While I did do a "net rpc getsid" and a "net rpc join", the old sid still appears in the secrets.tdb along with the new sid. I'm thinking of erasing the .tdb files and starting over - could smbd be reading the wrong SID and thus somehow cause the problem? Many thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba