Trying to improve DC location & browsing performance for the average user

who doesn't know what an LMB or DMB is.

* check_master_browser_exists now performs the check the first time
around, so if there is indeed no master browser then Samba takes up the job
much faster.

* Upped default OS level to 32. There is no reason why some stupid little
Windows box should become LMB instead of a Samba *server*.

* "domain master" now defaults to "auto". Currently this attempts to
become DMB iff Samba is the PDC (ala Windows NT). "preferred master" also
defaults to "auto", which enables preferred master iff Samba is DMB.

* lp_server_role now just returns the predetermined role, rather than
working it out each time, since the server role is becoming very heavily
used (esp for the BDC code).
(This used to be commit 4a23a358b5)

docs/htmldocs/smb.conf.5.html

@@ -435,10 +435,9 @@ parameter for details.  Note that some are synonyms.
 <p><br><li > <a href="smb.conf.5.html#interfaces"><strong>interfaces</strong></a>
 <p><br><li > <a href="smb.conf.5.html#keepalive"><strong>keepalive</strong></a>
 <p><br><li > <a href="smb.conf.5.html#kerneloplocks"><strong>kernel oplocks</strong></a>
-<p><br><li > <a href="smb.conf.5.html#ldapfilter"><strong>ldap filter</strong></a>
+<p><br><li > <a href="smb.conf.5.html#ldapbindas"><strong>ldap bind as</strong></a>
+<p><br><li > <a href="smb.conf.5.html#ldappasswdfile"><strong>ldap passwd file</strong></a>
 <p><br><li > <a href="smb.conf.5.html#ldapport"><strong>ldap port</strong></a>
-<p><br><li > <a href="smb.conf.5.html#ldaproot"><strong>ldap root</strong></a>
-<p><br><li > <a href="smb.conf.5.html#ldaprootpasswd"><strong>ldap root passwd</strong></a>
 <p><br><li > <a href="smb.conf.5.html#ldapserver"><strong>ldap server</strong></a>
 <p><br><li > <a href="smb.conf.5.html#ldapsuffix"><strong>ldap suffix</strong></a>
 <p><br><li > <a href="smb.conf.5.html#lmannounce"><strong>lm announce</strong></a>
@@ -1281,8 +1280,8 @@ The line can be either of the form:
 or it is a member of a domain using <a href="smb.conf.5.html#security"><strong>"security = domain"</strong></a>,
 the latter format can be used: the default Domain name is the Samba Server's
 Domain name, specified by <a href="smb.conf.5.html#workgroup"><strong>"workgroup = MYGROUP"</strong></a>.
-<p><br>Any UNIX groups that are <em>NOT</em> specified in this map file are assumed
-to be Domain Groups, but it depends on the role of the Samba Server.
+<p><br>Any UNIX groups that are <em>NOT</em> specified in this map file are assumed to
+be either Local or Domain Groups, depending on the role of the Samba Server.
 <p><br>In the case when Samba is an <strong>EXPERIMENTAL</strong> Domain Controller, Samba
 will present <em>ALL</em> such unspecified UNIX groups as its own NT Domain
 Groups, with the same name.
@@ -1374,7 +1373,11 @@ if this parameter is set and <a href="nmbd.8.html"><strong>nmbd</strong></a> cla
 special name for a <a href="smb.conf.5.html#workgroup"><strong>workgroup</strong></a> before a Windows NT
 PDC is able to do so then cross subnet browsing will behave strangely
 and may fail.
+<p><br>By default ("auto") Samba will attempt to become the domain master
+browser only if it is the Primary Domain Controller.
 <p><br><strong>Default:</strong>
+<code>	domain master = auto</code>
+<p><br><strong>Example:</strong>
 <code>	domain master = no</code>
 <p><br><a name="domainusermap"></a>
 <li><strong><strong>domain user map (G)</strong></strong>
@@ -1411,7 +1414,7 @@ Samba Server.
 <p><br>In the case when Samba is an <strong>EXPERIMENTAL</strong> Domain Controller, Samba
 will present <em>ALL</em> such unspecified UNIX users as its own NT Domain
 Users, with the same name.
-<p><br>In the case where Samba is member of a domain using
+<p><br>In the case where Samba is a member of a domain using
 <a href="smb.conf.5.html#security"><strong>"security = domain"</strong></a>, Samba will check the UNIX name with
 its Domain Controller (see <a href="smb.conf.5.html#passwordserver"><strong>"password server"</strong></a>)
 as if it was an NT Domain User.  If the Domain Controller says that it is not,
@@ -1847,55 +1850,42 @@ data consistency between SMB/CIFS, NFS and local file access (and is a
 <p><br>This parameter defaults to <em>"On"</em> on systems that have the support,
 and <em>"off"</em> on systems that don't. You should never need to touch
 this parameter.
-<p><br><a name="ldapfilter"></a>
-<li><strong><strong>ldap filter (G)</strong></strong>
+<p><br><a name="ldapbindas"></a>
+<li><strong><strong>ldap bind as (G)</strong></strong>
 <p><br>This parameter is part of the <em>EXPERIMENTAL</em> Samba support for a
-password database stored on an LDAP server back-end. These options
-are only available if your version of Samba was configured with
-the <strong>--with-ldap</strong> option.
-<p><br>This parameter specifies an LDAP search filter used to search for a
-user name in the LDAP database. It must contain the string
-<a href="smb.conf.5.html#percentU"><strong>%u</strong></a> which will be replaced with the user being
-searched for.
+password database stored on an LDAP server. These options are only
+available if your version of Samba was configured with the <strong>--with-ldap</strong>
+option.
+<p><br>This parameter specifies the entity to bind to an LDAP directory as.
+Usually it should be safe to use the LDAP root account; for larger
+installations it may be preferable to restrict Samba's access. See also
+<a href="smb.conf.5.html#ldappasswdfile"><strong>ldap passwd file</strong></a>.
 <p><br><strong>Default:</strong>
-<code>	empty string.</code>
+<code>	none (bind anonymously)</code>
+<p><br><strong>Example:</strong>
+<code>	ldap bind as = "uid=root, dc=mydomain, dc=org"</code>
+<p><br><a name="ldappasswdfile"></a>
+<li><strong><strong>ldap passwd file (G)</strong></strong>
+<p><br>This parameter is part of the <em>EXPERIMENTAL</em> Samba support for a
+password database stored on an LDAP server. These options are only
+available if your version of Samba was configured with the <strong>--with-ldap</strong>
+option.
+<p><br>This parameter specifies a file containing the password with which
+Samba should bind to an LDAP server. For obvious security reasons
+this file must be set to mode 700 or less.
+<p><br><strong>Default:</strong>
+<code>	none (bind anonymously)</code>
+<p><br><strong>Example:</strong>
+<code>	ldap passwd file = /usr/local/samba/private/ldappasswd</code>
 <p><br><a name="ldapport"></a>
 <li><strong><strong>ldap port (G)</strong></strong>
 <p><br>This parameter is part of the <em>EXPERIMENTAL</em> Samba support for a
-password database stored on an LDAP server back-end. These options
-are only available if your version of Samba was configured with
-the <strong>--with-ldap</strong> option.
-<p><br>This parameter specifies the TCP port number to use to contact
-the LDAP server on.
+password database stored on an LDAP server. These options are only
+available if your version of Samba was configured with the <strong>--with-ldap</strong>
+option.
+<p><br>This parameter specifies the TCP port number of the LDAP server.
 <p><br><strong>Default:</strong>
 <code>	ldap port = 389.</code>
-<p><br><a name="ldaproot"></a>
-<li><strong><strong>ldap root (G)</strong></strong>
-<p><br>This parameter is part of the <em>EXPERIMENTAL</em> Samba support for a
-password database stored on an LDAP server back-end. These options
-are only available if your version of Samba was configured with
-the <strong>--with-ldap</strong> option.
-<p><br>This parameter specifies the entity to bind to the LDAP server
-as (essentially the LDAP username) in order to be able to perform
-queries and modifications on the LDAP database.
-<p><br>See also <a href="smb.conf.5.html#ldaprootpasswd"><strong>ldap root passwd</strong></a>.
-<p><br><strong>Default:</strong>
-<code>	empty string (no user defined)</code>
-<p><br><a name="ldaprootpasswd"></a>
-<li><strong><strong>ldap root passwd (G)</strong></strong>
-<p><br>This parameter is part of the <em>EXPERIMENTAL</em> Samba support for a
-password database stored on an LDAP server back-end. These options
-are only available if your version of Samba was configured with
-the <strong>--with-ldap</strong> option.
-<p><br>This parameter specifies the password for the entity to bind to the
-LDAP server as (the password for this LDAP username) in order to be
-able to perform queries and modifications on the LDAP database.
-<p><br><em>BUGS:</em> This parameter should <em>NOT</em> be a readable parameter
-in the <strong>smb.conf</strong> file and will be removed once a correct
-storage place is found.
-<p><br>See also <a href="smb.conf.5.html#ldaproot"><strong>ldap root</strong></a>.
-<p><br><strong>Default:</strong>
-<code>	empty string.</code>
 <p><br><a name="ldapserver"></a>
 <li><strong><strong>ldap server (G)</strong></strong>
 <p><br>This parameter is part of the <em>EXPERIMENTAL</em> Samba support for a
@@ -1903,7 +1893,8 @@ password database stored on an LDAP server back-end. These options
 are only available if your version of Samba was configured with
 the <strong>--with-ldap</strong> option.
 <p><br>This parameter specifies the DNS name of the LDAP server to use
-for SMB/CIFS authentication purposes.
+when storing and retrieving information about Samba users and
+groups.
 <p><br><strong>Default:</strong>
 <code>	ldap server = localhost</code>
 <p><br><a name="ldapsuffix"></a>
@@ -1912,11 +1903,13 @@ for SMB/CIFS authentication purposes.
 password database stored on an LDAP server back-end. These options
 are only available if your version of Samba was configured with
 the <strong>--with-ldap</strong> option.
-<p><br>This parameter specifies the <code>"dn"</code> or LDAP <em>"distinguished name"</em>
-that tells <a href="smbd.8.html"><strong>smbd</strong></a> to start from when searching
-for an entry in the LDAP password database.
+<p><br>This parameter specifies the node of the LDAP tree beneath which
+Samba should store its information. This parameter MUST be provided
+when using LDAP with Samba.
 <p><br><strong>Default:</strong>
-<code>	empty string.</code>
+<code>	none</code>
+<p><br><strong>Example:</strong>
+<code>	ldap suffix = "dc=mydomain, dc=org"</code>
 <p><br><a name="lmannounce"></a>
 <li><strong><strong>lm announce (G)</strong></strong>
 <p><br>This parameter determines if <a href="nmbd.8.html"><strong>nmbd</strong></a> will produce
@@ -1984,7 +1977,7 @@ or it is a member of a domain using <a href="smb.conf.5.html#security"><strong>"
 the latter format can be used: the default Domain name is the Samba Server's
 Domain name, specified by <a href="smb.conf.5.html#workgroup"><strong>"workgroup = MYGROUP"</strong></a>.
 <p><br>Any UNIX groups that are <em>NOT</em> specified in this map file are treated
-as Local Groups depending on the role of the Samba Server.
+as either Local or Domain Groups depending on the role of the Samba Server.
 <p><br>In the case when Samba is an <strong>EXPERIMENTAL</strong> Domain Controller, Samba
 will present <em>ALL</em> unspecified UNIX groups as its own NT Domain
 Groups, with the same name, and <em>NOT</em> as Local Groups.
@@ -2805,11 +2798,11 @@ for details.
 browse elections. The value of this parameter determines whether
 <a href="nmbd.8.html"><strong>nmbd</strong></a> has a chance of becoming a local master
 browser for the <a href="smb.conf.5.html#workgroup"><strong>WORKGROUP</strong></a> in the local broadcast
-area. The default is zero, which means <a href="nmbd.8.html"><strong>nmbd</strong></a> will
-lose elections to Windows machines. See BROWSING.txt in the Samba
-docs/ directory for details.
+area. Setting this to zero will cause <a href="nmbd.8.html"><strong>nmbd</strong></a> to
+always lose elections to Windows machines. See BROWSING.txt in the
+Samba docs/ directory for details.
 <p><br><strong>Default:</strong>
-<code>	os level = 0</code>
+<code>	os level = 32</code>
 <p><br><strong>Example:</strong>
 <code>	os level = 65    ; This will win against any NT Server</code>
 <p><br><a name="packetsize"></a>
@@ -3069,7 +3062,8 @@ force an election, and it will have a slight advantage in winning the
 election.  It is recommended that this parameter is used in
 conjunction with <a href="smb.conf.5.html#domainmaster"><strong>"domain master = yes"</strong></a>, so
 that <a href="nmbd.8.html"><strong>nmbd</strong></a> can guarantee becoming a domain
-master.
+master. Indeed the default ("auto") enables "preferred master" if
+Samba is configured as the domain master browser.
 <p><br>Use this option with caution, because if there are several hosts
 (whether Samba servers, Windows 95 or NT) that are preferred master
 browsers on the same subnet, they will each periodically and
@@ -3078,7 +3072,7 @@ result in unnecessary broadcast traffic and reduced browsing
 capabilities.
 <p><br>See also <a href="smb.conf.5.html#oslevel"><strong>os level</strong></a>.
 <p><br><strong>Default:</strong>
-<code> 	preferred master = no</code>
+<code> 	preferred master = auto</code>
 <p><br><strong>Example:</strong>
 <code> 	preferred master = yes</code>
 <p><br><a name="preferedmaster"></a>
@@ -3273,7 +3267,7 @@ command"</strong></a>.
 <strong>"printing=SYSV"</strong>,<strong>"printing="HPUX"</strong>,<strong>"printing=QNX"</strong> and
 <strong>"printing=SOFTQ"</strong>.
 <p><br>To see what the defaults are for the other print commands when using
-these three options use the <a href="testparm"><strong>"testparm"</strong></a> program.
+these three options use the <a href="testparm.1.html"><strong>"testparm"</strong></a> program.
 <p><br>This option can be set on a per printer basis
 <p><br>See also the discussion in the <a href="smb.conf.5.html#printers"><strong>[printers]</strong></a> section.
 <p><br><a name="protocol"></a>

docs/manpages/smb.conf.5

@@ -593,18 +593,15 @@ parameter for details\&.  Note that some are synonyms\&.
 \fBkernel oplocks\fP
 .IP 
 .IP o 
-\fBldap filter\fP
+\fBldap bind as\fP
+.IP 
+.IP o 
+\fBldap passwd file\fP
 .IP 
 .IP o 
 \fBldap port\fP
 .IP 
 .IP o 
-\fBldap root\fP
-.IP 
-.IP o 
-\fBldap root passwd\fP
-.IP 
-.IP o 
 \fBldap server\fP
 .IP 
 .IP o 
@@ -2073,8 +2070,8 @@ or it is a member of a domain using \fB"security = domain"\fP,
 the latter format can be used: the default Domain name is the Samba Server\'s
 Domain name, specified by \fB"workgroup = MYGROUP"\fP\&.
 .IP 
-Any UNIX groups that are \fINOT\fP specified in this map file are assumed
-to be Domain Groups, but it depends on the role of the Samba Server\&.
+Any UNIX groups that are \fINOT\fP specified in this map file are assumed to
+be either Local or Domain Groups, depending on the role of the Samba Server\&.
 .IP 
 In the case when Samba is an \fBEXPERIMENTAL\fP Domain Controller, Samba
 will present \fIALL\fP such unspecified UNIX groups as its own NT Domain
@@ -2188,7 +2185,13 @@ special name for a \fBworkgroup\fP before a Windows NT
 PDC is able to do so then cross subnet browsing will behave strangely
 and may fail\&.
 .IP 
+By default ("auto") Samba will attempt to become the domain master
+browser only if it is the Primary Domain Controller\&.
+.IP 
 \fBDefault:\fP
+\f(CW	domain master = auto\fP
+.IP 
+\fBExample:\fP
 \f(CW	domain master = no\fP
 .IP 
 .IP "\fBdomain user map (G)\fP" 
@@ -2236,7 +2239,7 @@ In the case when Samba is an \fBEXPERIMENTAL\fP Domain Controller, Samba
 will present \fIALL\fP such unspecified UNIX users as its own NT Domain
 Users, with the same name\&.
 .IP 
-In the case where Samba is member of a domain using
+In the case where Samba is a member of a domain using
 \fB"security = domain"\fP, Samba will check the UNIX name with
 its Domain Controller (see \fB"password server"\fP)
 as if it was an NT Domain User\&.  If the Domain Controller says that it is not,
@@ -2800,70 +2803,53 @@ This parameter defaults to \fI"On"\fP on systems that have the support,
 and \fI"off"\fP on systems that don\'t\&. You should never need to touch
 this parameter\&.
 .IP 
-.IP "\fBldap filter (G)\fP" 
+.IP "\fBldap bind as (G)\fP" 
 .IP 
 This parameter is part of the \fIEXPERIMENTAL\fP Samba support for a
-password database stored on an LDAP server back-end\&. These options
-are only available if your version of Samba was configured with
-the \fB--with-ldap\fP option\&.
+password database stored on an LDAP server\&. These options are only
+available if your version of Samba was configured with the \fB--with-ldap\fP
+option\&.
 .IP 
-This parameter specifies an LDAP search filter used to search for a
-user name in the LDAP database\&. It must contain the string
-\fB%u\fP which will be replaced with the user being
-searched for\&.
+This parameter specifies the entity to bind to an LDAP directory as\&.
+Usually it should be safe to use the LDAP root account; for larger
+installations it may be preferable to restrict Samba\'s access\&. See also
+\fBldap passwd file\fP\&.
 .IP 
 \fBDefault:\fP
-\f(CW	empty string\&.\fP
+\f(CW	none (bind anonymously)\fP
+.IP 
+\fBExample:\fP
+\f(CW	ldap bind as = "uid=root, dc=mydomain, dc=org"\fP
+.IP 
+.IP "\fBldap passwd file (G)\fP" 
+.IP 
+This parameter is part of the \fIEXPERIMENTAL\fP Samba support for a
+password database stored on an LDAP server\&. These options are only
+available if your version of Samba was configured with the \fB--with-ldap\fP
+option\&.
+.IP 
+This parameter specifies a file containing the password with which
+Samba should bind to an LDAP server\&. For obvious security reasons
+this file must be set to mode 700 or less\&.
+.IP 
+\fBDefault:\fP
+\f(CW	none (bind anonymously)\fP
+.IP 
+\fBExample:\fP
+\f(CW	ldap passwd file = /usr/local/samba/private/ldappasswd\fP
 .IP 
 .IP "\fBldap port (G)\fP" 
 .IP 
 This parameter is part of the \fIEXPERIMENTAL\fP Samba support for a
-password database stored on an LDAP server back-end\&. These options
-are only available if your version of Samba was configured with
-the \fB--with-ldap\fP option\&.
+password database stored on an LDAP server\&. These options are only
+available if your version of Samba was configured with the \fB--with-ldap\fP
+option\&.
 .IP 
-This parameter specifies the TCP port number to use to contact
-the LDAP server on\&.
+This parameter specifies the TCP port number of the LDAP server\&.
 .IP 
 \fBDefault:\fP
 \f(CW	ldap port = 389\&.\fP
 .IP 
-.IP "\fBldap root (G)\fP" 
-.IP 
-This parameter is part of the \fIEXPERIMENTAL\fP Samba support for a
-password database stored on an LDAP server back-end\&. These options
-are only available if your version of Samba was configured with
-the \fB--with-ldap\fP option\&.
-.IP 
-This parameter specifies the entity to bind to the LDAP server
-as (essentially the LDAP username) in order to be able to perform
-queries and modifications on the LDAP database\&.
-.IP 
-See also \fBldap root passwd\fP\&.
-.IP 
-\fBDefault:\fP
-\f(CW	empty string (no user defined)\fP
-.IP 
-.IP "\fBldap root passwd (G)\fP" 
-.IP 
-This parameter is part of the \fIEXPERIMENTAL\fP Samba support for a
-password database stored on an LDAP server back-end\&. These options
-are only available if your version of Samba was configured with
-the \fB--with-ldap\fP option\&.
-.IP 
-This parameter specifies the password for the entity to bind to the
-LDAP server as (the password for this LDAP username) in order to be
-able to perform queries and modifications on the LDAP database\&.
-.IP 
-\fIBUGS:\fP This parameter should \fINOT\fP be a readable parameter
-in the \fBsmb\&.conf\fP file and will be removed once a correct
-storage place is found\&.
-.IP 
-See also \fBldap root\fP\&.
-.IP 
-\fBDefault:\fP
-\f(CW	empty string\&.\fP
-.IP 
 .IP "\fBldap server (G)\fP" 
 .IP 
 This parameter is part of the \fIEXPERIMENTAL\fP Samba support for a
@@ -2872,7 +2858,8 @@ are only available if your version of Samba was configured with
 the \fB--with-ldap\fP option\&.
 .IP 
 This parameter specifies the DNS name of the LDAP server to use
-for SMB/CIFS authentication purposes\&.
+when storing and retrieving information about Samba users and
+groups\&.
 .IP 
 \fBDefault:\fP
 \f(CW	ldap server = localhost\fP
@@ -2884,12 +2871,15 @@ password database stored on an LDAP server back-end\&. These options
 are only available if your version of Samba was configured with
 the \fB--with-ldap\fP option\&.
 .IP 
-This parameter specifies the \f(CW"dn"\fP or LDAP \fI"distinguished name"\fP
-that tells \fBsmbd\fP to start from when searching
-for an entry in the LDAP password database\&.
+This parameter specifies the node of the LDAP tree beneath which
+Samba should store its information\&. This parameter MUST be provided
+when using LDAP with Samba\&.
 .IP 
 \fBDefault:\fP
-\f(CW	empty string\&.\fP
+\f(CW	none\fP
+.IP 
+\fBExample:\fP
+\f(CW	ldap suffix = "dc=mydomain, dc=org"\fP
 .IP 
 .IP "\fBlm announce (G)\fP" 
 .IP 
@@ -2976,7 +2966,7 @@ the latter format can be used: the default Domain name is the Samba Server\'s
 Domain name, specified by \fB"workgroup = MYGROUP"\fP\&.
 .IP 
 Any UNIX groups that are \fINOT\fP specified in this map file are treated
-as Local Groups depending on the role of the Samba Server\&.
+as either Local or Domain Groups depending on the role of the Samba Server\&.
 .IP 
 In the case when Samba is an \fBEXPERIMENTAL\fP Domain Controller, Samba
 will present \fIALL\fP unspecified UNIX groups as its own NT Domain
@@ -4075,12 +4065,12 @@ This integer value controls what level Samba advertises itself as for
 browse elections\&. The value of this parameter determines whether
 \fBnmbd\fP has a chance of becoming a local master
 browser for the \fBWORKGROUP\fP in the local broadcast
-area\&. The default is zero, which means \fBnmbd\fP will
-lose elections to Windows machines\&. See BROWSING\&.txt in the Samba
-docs/ directory for details\&.
+area\&. Setting this to zero will cause \fBnmbd\fP to
+always lose elections to Windows machines\&. See BROWSING\&.txt in the
+Samba docs/ directory for details\&.
 .IP 
 \fBDefault:\fP
-\f(CW	os level = 0\fP
+\f(CW	os level = 32\fP
 .IP 
 \fBExample:\fP
 \f(CW	os level = 65    ; This will win against any NT Server\fP
@@ -4426,7 +4416,8 @@ force an election, and it will have a slight advantage in winning the
 election\&.  It is recommended that this parameter is used in
 conjunction with \fB"domain master = yes"\fP, so
 that \fBnmbd\fP can guarantee becoming a domain
-master\&.
+master\&. Indeed the default ("auto") enables "preferred master" if
+Samba is configured as the domain master browser\&.
 .IP 
 Use this option with caution, because if there are several hosts
 (whether Samba servers, Windows 95 or NT) that are preferred master
@@ -4438,7 +4429,7 @@ capabilities\&.
 See also \fBos level\fP\&.
 .IP 
 \fBDefault:\fP
-\f(CW 	preferred master = no\fP
+\f(CW 	preferred master = auto\fP
 .IP 
 \fBExample:\fP
 \f(CW 	preferred master = yes\fP

docs/yodldocs/smb.conf.5.yo

@@ -1953,7 +1953,13 @@ special name for a link(bf(workgroup))(workgroup) before a Windows NT
 PDC is able to do so then cross subnet browsing will behave strangely
 and may fail.
 
+By default ("auto") Samba will attempt to become the domain master
+browser only if it is the Primary Domain Controller.
+
   bf(Default:)
+tt(	domain master = auto)
+
+  bf(Example:)
 tt(	domain master = no)
 
 
@@ -3910,12 +3916,12 @@ This integer value controls what level Samba advertises itself as for
 browse elections. The value of this parameter determines whether
 url(bf(nmbd))(nmbd.8.html) has a chance of becoming a local master
 browser for the link(bf(WORKGROUP))(workgroup) in the local broadcast
-area. The default is zero, which means url(bf(nmbd))(nmbd.8.html) will
-lose elections to Windows machines. See BROWSING.txt in the Samba
-docs/ directory for details.
+area. Setting this to zero will cause url(bf(nmbd))(nmbd.8.html) to
+always lose elections to Windows machines. See BROWSING.txt in the
+Samba docs/ directory for details.
 
   bf(Default:)
-tt(	os level = 0)
+tt(	os level = 32)
 
   bf(Example:)
 tt(	os level = 65    ; This will win against any NT Server)
@@ -4257,7 +4263,8 @@ force an election, and it will have a slight advantage in winning the
 election.  It is recommended that this parameter is used in
 conjunction with link(bf("domain master = yes"))(domainmaster), so
 that url(bf(nmbd))(nmbd.8.html) can guarantee becoming a domain
-master.
+master. Indeed the default ("auto") enables "preferred master" if
+Samba is configured as the domain master browser.
 
 Use this option with caution, because if there are several hosts
 (whether Samba servers, Windows 95 or NT) that are preferred master
@@ -4269,7 +4276,7 @@ capabilities.
 See also link(bf(os level))(oslevel).
 
   bf(Default:)
-tt( 	preferred master = no)
+tt( 	preferred master = auto)
 
   bf(Example:)
 tt( 	preferred master = yes)

source3/include/smb.h

@@ -33,6 +33,7 @@
 
 #define False (0)
 #define True (1)
+#define Auto (2)
 #define BOOLSTR(b) ((b) ? "Yes" : "No")
 #define BITSETB(ptr,bit) ((((char *)ptr)[0] & (1<<(bit)))!=0)
 #define BITSETW(ptr,bit) ((SVAL(ptr,0) & (1<<(bit)))!=0)

source3/nmbd/nmbd_elections.c

@@ -135,9 +135,6 @@ void check_master_browser_exists(time_t t)
   struct subnet_record *subrec;
   char *workgroup_name = global_myworkgroup;
 
-  if (!lastrun)
-    lastrun = t;
-
   if (t < (lastrun + (CHECK_TIME_MST_BROWSE * 60)))
     return;
 

source3/nmbd/nmbd_workgroupdb.c

@@ -254,8 +254,7 @@ void initiate_myworkgroup_startup(struct subnet_record *subrec, struct work_reco
      if we are so configured. */
 
   if ((subrec != unicast_subnet) && (subrec != remote_broadcast_subnet) &&
-      (subrec != wins_server_subnet) && lp_preferred_master() &&
-      lp_local_master())
+      (subrec != wins_server_subnet) && lp_preferred_master())
   {
     DEBUG(3, ("initiate_myworkgroup_startup: preferred master startup for \
 workgroup %s on subnet %s\n", work->work_group, subrec->subnet_name));

source3/param/loadparm.c

@@ -441,6 +441,7 @@ static int iNumServices = 0;
 static int iServiceIndex = 0;
 static BOOL bInGlobalSection = True;
 static BOOL bGlobalOnly = False;
+static int server_role;
 static int default_server_announce;
 
 #define NUMPARAMETERS (sizeof(parm_table) / sizeof(struct parm_struct))
@@ -453,6 +454,7 @@ static BOOL handle_character_set(char *pszParmValue,char **ptr);
 static BOOL handle_coding_system(char *pszParmValue,char **ptr);
 static BOOL handle_vfs_object(char *pszParmValue, char **ptr);
 
+static void set_server_role(void);
 static void set_default_server_announce_type(void);
 
 static struct enum_list enum_protocol[] = {{PROTOCOL_NT1, "NT1"}, {PROTOCOL_LANMAN2, "LANMAN2"}, 
@@ -475,7 +477,7 @@ static struct enum_list enum_announce_as[] = {{ANNOUNCE_AS_NT, "NT"}, {ANNOUNCE_
 
 static struct enum_list enum_case[] = {{CASE_LOWER, "lower"}, {CASE_UPPER, "upper"}, {-1, NULL}};
 
-static struct enum_list enum_lm_announce[] = {{0, "False"}, {1, "True"}, {2, "Auto"}, {-1, NULL}};
+static struct enum_list enum_bool_auto[] = {{False, "False"}, {True, "True"}, {Auto, "Auto"}, {-1, NULL}};
 
 /* 
    Do you want session setups at user level security with a invalid
@@ -719,12 +721,12 @@ static struct parm_struct parm_table[] =
   {"Browse Options", P_SEP, P_SEPARATOR},
 
   {"os level",         P_INTEGER, P_GLOBAL, &Globals.os_level,          NULL,   NULL,  FLAG_BASIC},
-  {"lm announce",      P_ENUM,    P_GLOBAL, &Globals.lm_announce,       NULL,   enum_lm_announce, 0},
+  {"lm announce",      P_ENUM,    P_GLOBAL, &Globals.lm_announce,       NULL,   enum_bool_auto, 0},
   {"lm interval",      P_INTEGER, P_GLOBAL, &Globals.lm_interval,       NULL,   NULL,  0},
-  {"preferred master", P_BOOL,    P_GLOBAL, &Globals.bPreferredMaster,  NULL,   NULL,  FLAG_BASIC},
-  {"prefered master",  P_BOOL,    P_GLOBAL, &Globals.bPreferredMaster,  NULL,   NULL,  0},
+  {"preferred master", P_ENUM,    P_GLOBAL, &Globals.bPreferredMaster,  NULL,   enum_bool_auto,  FLAG_BASIC},
+  {"prefered master",  P_ENUM,    P_GLOBAL, &Globals.bPreferredMaster,  NULL,   enum_bool_auto,  FLAG_HIDE},
   {"local master",     P_BOOL,    P_GLOBAL, &Globals.bLocalMaster,      NULL,   NULL,  FLAG_BASIC},
-  {"domain master",    P_BOOL,    P_GLOBAL, &Globals.bDomainMaster,     NULL,   NULL,  FLAG_BASIC},
+  {"domain master",    P_ENUM,    P_GLOBAL, &Globals.bDomainMaster,     NULL,   enum_bool_auto,  FLAG_BASIC},
   {"browse list",      P_BOOL,    P_GLOBAL, &Globals.bBrowseList,       NULL,   NULL,  0},
   {"browseable",       P_BOOL,    P_LOCAL,  &sDefault.bBrowseable,      NULL,   NULL,  0},
   {"browsable",        P_BOOL,    P_LOCAL,  &sDefault.bBrowseable,      NULL,   NULL,  0},
@@ -902,7 +904,7 @@ static void init_globals(void)
   Globals.syslog = 1;
   Globals.bSyslogOnly = False;
   Globals.bTimestampLogs = True;
-  Globals.os_level = 0;
+  Globals.os_level = 32;
   Globals.max_ttl = 60*60*24*3; /* 3 days default. */
   Globals.max_wins_ttl = 60*60*24*6; /* 6 days default. */
   Globals.min_wins_ttl = 60*60*6; /* 6 hours default. */
@@ -974,9 +976,9 @@ static void init_globals(void)
 
 */
 
-  Globals.bPreferredMaster = False;
+  Globals.bPreferredMaster = Auto; /* depending on bDomainMaster */
   Globals.bLocalMaster = True;
-  Globals.bDomainMaster = False;
+  Globals.bDomainMaster = Auto; /* depending on bDomainLogons */
   Globals.bDomainLogons = False;
   Globals.bBrowseList = True;
   Globals.bWINSsupport = False;
@@ -1214,9 +1216,7 @@ FN_GLOBAL_BOOL(lp_wins_support,&Globals.bWINSsupport)
 FN_GLOBAL_BOOL(lp_we_are_a_wins_server,&Globals.bWINSsupport)
 FN_GLOBAL_BOOL(lp_wins_proxy,&Globals.bWINSproxy)
 FN_GLOBAL_BOOL(lp_local_master,&Globals.bLocalMaster)
-FN_GLOBAL_BOOL(lp_domain_master,&Globals.bDomainMaster)
 FN_GLOBAL_BOOL(lp_domain_logons,&Globals.bDomainLogons)
-FN_GLOBAL_BOOL(lp_preferred_master,&Globals.bPreferredMaster)
 FN_GLOBAL_BOOL(lp_load_printers,&Globals.bLoadPrinters)
 FN_GLOBAL_BOOL(lp_use_rhosts,&Globals.bUseRhosts)
 FN_GLOBAL_BOOL(lp_readprediction,&Globals.bReadPrediction)
@@ -2581,6 +2581,7 @@ BOOL lp_load(char *pszFname,BOOL global_only, BOOL save_defaults, BOOL add_ipc)
   if (add_ipc)
 	  lp_add_ipc();
 
+  set_server_role();
   set_default_server_announce_type();
 
   bLoaded = True;
@@ -2665,6 +2666,50 @@ char *volume_label(int snum)
 }
 
 
+/*******************************************************************
+ Set the server type we will announce as via nmbd.
+********************************************************************/
+static void set_server_role(void)
+{
+	server_role = ROLE_DOMAIN_NONE;
+
+	switch (lp_security())
+	{
+		case SEC_SHARE:
+		{
+			if (lp_domain_logons())
+			{
+				DEBUG(0,("Server's Role (logon server) conflicts with share-level security\n"));
+			}
+			break;
+		}
+		case SEC_SERVER:
+		case SEC_DOMAIN:
+		{
+			if (lp_domain_logons())
+			{
+				server_role = ROLE_DOMAIN_BDC;
+				break;
+			}
+			server_role = ROLE_DOMAIN_MEMBER;
+			break;
+		}
+		case SEC_USER:
+		{
+			if (lp_domain_logons())
+			{
+				server_role = ROLE_DOMAIN_PDC;
+				break;
+			}
+			break;
+		}
+		default:
+		{
+			DEBUG(0,("Server's Role undefined due to unknown security mode\n"));
+		}
+	}
+}
+
 /*******************************************************************
  Set the server type we will announce as via nmbd.
 ********************************************************************/
@@ -2852,39 +2897,32 @@ BOOL lp_kernel_oplocks(void)
 /***********************************************************
  returns role of Samba server
 ************************************************************/
+
 int lp_server_role(void)
 {
-	switch (lp_security())
-	{
-		case SEC_SHARE:
-		{
-			if (lp_domain_logons())
-			{
-				DEBUG(0,("Server's Role (logon server) conflicts with share-level security\n"));
-			}
-			return ROLE_DOMAIN_NONE;
-		}
-		case SEC_SERVER:
-		case SEC_DOMAIN:
-		{
-			if (lp_domain_logons())
-			{
-				return ROLE_DOMAIN_BDC;
-			}
-			return ROLE_DOMAIN_MEMBER;
-		}
-		case SEC_USER:
-		{
-			if (lp_domain_logons())
-			{
-				return ROLE_DOMAIN_PDC;
-			}
-			return ROLE_DOMAIN_NONE;
-		}
-		default:
-		{
-			DEBUG(0,("Server's Role undefined due to unknown security mode\n"));
-			return ROLE_DOMAIN_NONE;
-		}
-	}
+  return server_role;
+}
+
+/***********************************************************
+ If we are PDC then prefer us as DMB
+************************************************************/
+
+BOOL lp_domain_master(void)
+{
+	if (Globals.bDomainMaster == Auto)
+		return (server_role == ROLE_DOMAIN_PDC);
+
+	return Globals.bDomainMaster;
+}
+
+/***********************************************************
+ If we are DMB then prefer us as LMB
+************************************************************/
+
+BOOL lp_preferred_master(void)
+{
+	if (Globals.bPreferredMaster == Auto)
+		return (lp_local_master() && lp_domain_master());
+
+	return Globals.bPreferredMaster;
 }