Master browser election in AD

Nethserver 7.9

hi everyone, i can’t understand why a windows pc being accredited on neth7 in AD, forces the election as master browser. On AD-accredited linux machines, I had to change the samba directives to stop them from being master browsers. Am I wrong but neth7 being a Domain controller should prevent this?

mb

@france

Hi

AFAIK, this is a problem of your AD Linux clients… They have the wrong setting!
Don’t forget, Samba was programmed to replicate the Windows File Services of a Server, not a client. But if you didn’t adapt the config file, who is? NethServer? No, not possible…

My 2 cents
Andy

Hi Andy, all pc have join with nsdc-neth7.ad.internal2.lan. I have installed the file sharing for what concerns neth7.internal2.lan. What do you mean impossible?
(upload://2hb4G5VnrQeHqxMoPrmHnHjMXwa.png)

4 5
1

@france

It is not possible for an AD, no matter if Linux or Windows, to change the samba config of a client.
If you have the wrong default values, it will not change itself…

But nothing stops you from changing that “master browser” and domain level value… :slight_smile:

BTW: Using .local or .lan is a bit an “old” setting - as of now 8 years, Microsoft suggests to use a subdomain of the realdomain, eg:

Realdomain: domain.it
AD: ad.domain.it

Not easy to change now, but next time you set up an AD… :slight_smile:

My 2 cents
Andy

Andy I am attaching the linux file type. But if you tell me that this is not possible all this, as you have seen from the photos where is the mistake? What did I do wrong? What can I check?

Hi

Here is a rich load of infos…

https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html

local master = no
domain master = no

are both correct.

local master (G)

This option allows nmbd(8) to try and become a local master browser on a subnet. If set to no then nmbd will not attempt to become a local master browser on a subnet and will also lose in all browsing elections. By default this value is set to yes . Setting this value to yes doesn’t mean that Samba will become the local master browser on a subnet, just that nmbd will participate in elections for local master browser.

Setting this value to no will cause nmbd never to become a local master browser.

Default: local master = yes


You may also need to set this:

SERVER ROLE = MEMBER SERVER

(Not auto!)


SECURITY = ADS

In this mode, Samba will act as a domain member in an ADS realm. To operate in this mode, the machine running Samba will need to have Kerberos installed and configured and Samba will need to be joined to the ADS realm using the net utility.

Note that this mode does NOT make Samba operate as a Active Directory Domain Controller.

Note that this forces require strong key = yes and client schannel = yes for the primary domain.


My 2 cents
Andy

Ok Andy, the reason why I have inseritor security = auto and not ADS because in the latest versions of linux mate ubuntu or other it goes into error. The security = ADS directive works fine on centos 7, antix, ubuntu 18. As you can see from the image by changing the directives as per your error indications!

1 Like

I use mainly Debian - also as a Workstation OS…
With Deb10, I haven’t yet been able to join NethServer AD. True, i haven’t put in much effort to join…

But needs another try - this Weekend…
I’ll give some feedback.

My 2 cents
Andy

Ok Andy let me know, to technically understand the problem. Thanks as usual for responding!

1 Like

Andy, although an old post I tried and it seems to work!
11 12

1 Like