[Samba] Settings for winbind on BDC

Simo Sorce idra at samba.org
Wed Dec 7 15:58:49 GMT 2005


On Wed, 2005-12-07 at 16:45 +0100, Michael Gasch wrote:
> hi,
> 
> we have a PDC/BDC Samba v3 setup (DOMA) which trusts a foreign Samba v3 
> domain (DOMB).
> 
> we also installed winbindd on both DCs with idmapping in our network 
> (DOMA) to authenticate users from DOMB. otherwise samba claims "User not 
> found" or "Finding user xxx: No such User".
> 
> it works great on PDC but not on the BDC. winbind won't idmap users from 
> DOMB on our BDC as PDC does.
> 
> winbind.log from BDC:
> Added domain DOMA  S-1-5-21-1042031166-381324594-2118846581
> Added domain BUILTIN  S-1-5-32
>  
> 
> winbind.log from PDC:
> Added domain DOMA  S-1-5-21-1042031166-381324594-2118846581
> Added domain BUILTIN  S-1-5-32 
>  
>     *Added domain DOMB  S-1-5-21-1046543266-381324594-9876846581*
> 
> net rpc trustdom lists the trusted domain (DOMB) on PDC *and* BDC after 
> establishing the trust on PDC to PDC from DOMB.
> 
> should that work or is this setup not possible with samba?
> in case PDC goes down BDC would only find POSIX information for its own 
> domain and not for the trusted domain, which is bad.

Actually trust info is not replicated between DCs (eg, the trust
password is not replicated), so you should launch the trustdom command
on each samba DC to let it be set in the secrets.tdb file of each DC.

Simo.
-- 
Simo Sorce    -  idra at samba.org
Samba Team    -  http://www.samba.org
Italian Site  -  http://samba.xsec.it
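
An added example, not part of the original thread: a shell check that compares the "Added domain" lines in each DC's winbind.log and reports trusted domains that the BDC's winbindd has not added. The function names and file names are hypothetical, and the sample logs are constructed from the lines quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): find trusted domains that winbindd
# registered on the PDC but not on the BDC, using "Added domain" log lines.

# Print "NAME SID" for each domain winbindd logged as added, sorted and unique.
added_domains() {
    sed -n 's/^.*Added domain \([^ ]*\)  *\(S-[0-9-]*\).*$/\1 \2/p' "$1" |
        LC_ALL=C sort -u
}

# Print domains present in the first log (PDC) but absent from the second (BDC).
# Name and SID are compared together, so a SID mismatch is reported as well.
missing_on_bdc() {
    pdc_tmp=$(mktemp) || return 1
    bdc_tmp=$(mktemp) || { rm -f "$pdc_tmp"; return 1; }
    added_domains "$1" > "$pdc_tmp"
    added_domains "$2" > "$bdc_tmp"
    LC_ALL=C comm -23 "$pdc_tmp" "$bdc_tmp"
    rm -f "$pdc_tmp" "$bdc_tmp"
}

# Write constructed sample logs (pdc.log, bdc.log) into the given directory.
write_sample_logs() {
    cat > "$1/pdc.log" <<'EOF'
Added domain DOMA  S-1-5-21-1042031166-381324594-2118846581
Added domain BUILTIN  S-1-5-32
Added domain DOMB  S-1-5-21-1046543266-381324594-9876846581
EOF
    cat > "$1/bdc.log" <<'EOF'
Added domain DOMA  S-1-5-21-1042031166-381324594-2118846581
Added domain BUILTIN  S-1-5-32
EOF
}

demo_dir=$(mktemp -d)
write_sample_logs "$demo_dir"
missing_on_bdc "$demo_dir/pdc.log" "$demo_dir/bdc.log" |
while read -r name sid; do
    # The trust password lives in each DC's own secrets.tdb, so the fix is to
    # run the trustdom command on the BDC itself, e.g.
    #   net rpc trustdom establish "$name"
    echo "BDC winbindd has not added $name ($sid): establish the trust on this DC"
done
rm -rf "$demo_dir"
```

On real systems, pass the paths of the two DCs' winbind logs to `missing_on_bdc`; an empty result means both winbindd instances added the same set of domains.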


