[Samba] Interdomain Trusts
Gregory Cushing
ioudas at gmail.com
Tue Jun 3 14:24:11 MDT 2014
Gaiseric,
I think there is some confusion. This person is not running a classic setup
or anything. They want trusts between two domains not within Samba's domain
to work. I am not sure we are talking about the same thing.
I do not have the desire to create a trust between samba and any domain.
Rather have one way trusts resolved from dom b.
I have tried this in 3.6.9 as well as 4.1.6 and the trust is actually found
in the log file for winbind. It lists it as a 1 way trust. Yet users are
not mapped. I can confirm that the ID map is accepted. However the fn
query_list returns 0 users.
-Greg
On Tue, Jun 3, 2014 at 4:00 PM, Gaiseric Vandal <gaiseric.vandal at gmail.com>
wrote:
> I use samba 3.6.x for domain controllers for a "classic"
> (security=server) domain. I have trusts with Windows 2003. I wanted
> the Samba domain to trust the Windows domain. My goals did not include
> having the Windows domain trust the samba domain but I found it didn't
> work right without two way trusts.
>
>
> It sounds like you are able to get a list of users with wbinfo (wbinfo
> -u), and use the various wbinfo options to check mappings
>
> wbinfo -n "TRUSTEDDOMAIN\someuser"
>
> should return the SID
>
> wbinfo -s "SOMESID"
>
> should return the name of the trusted user
>
> wbinfo -S "SOMESID"
> should return a user ID of the trusted user.
>
>
> Your /etc/nsswitch.conf file should have something like
>
> passwd: files winbind
>
>
> The following commands require the nsswitch stuff to be working properly.
>
>
> getent passwd "TRUSTEDDOMAIN\someuser"
> id "TRUSTEDDOMAIN\someuser"
>
> On 06/03/14 14:27, Gregory Cushing wrote:
>
>> Does anyone know if interdomain trusts work in samba at all and what
>> versions they do? I am trying to get a 1 way trust working between two
>> domains and DOM A (which samba is joined to works in mapping users via
>> winbind) just not the one way trust for the other domain.... DOM B
>>
>> Samba is just a joined member of the domain A with security = ads with
>> nothing more than winbind id rid maps for both domains. The ID Map is
>> made,
>> I can do a wbinfo -a and resolve the sid for dom b.
>>
>> I can see the users of the joined domain a with getent, but not with dom
>> b.
>> Looking at the log.wb-DOMB I can see the errors are no inbound trust
>> listed. Yet it is enumerated in the winbind log for dom a to Dom B
>>
>>
>> Any help would be appreciated.
>>
>>
>> -Greg
>>
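The checks suggested in the quoted reply, chained into one script that stops at the first failing stage, so it is clear whether a trusted-domain user is lost at name resolution, at SID-to-UID mapping, or in NSS. This is an added example, not part of the original thread; the function name, the return codes and the NSSWITCH override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: run the winbind lookup chain for one trusted-domain user
# and stop at the first stage that fails.
# NSSWITCH is an assumed override so the nsswitch check can read a test file.
NSSWITCH="${NSSWITCH:-/etc/nsswitch.conf}"

# Return codes (chosen for this example): 0 all stages pass, 1 name->SID,
# 2 SID->name, 3 SID->UID, 4 nsswitch.conf, 5 getent.
check_trusted_user() {
    user="$1"    # e.g. 'TRUSTEDDOMAIN\someuser'

    # Stage 1: wbinfo -n prints the SID as the first field.
    sid=$(wbinfo -n "$user" 2>/dev/null | awk '{print $1}')
    case "$sid" in
        S-1-*) printf 'name->SID: %s\n' "$sid" ;;
        *) printf 'name->SID: FAILED\n'; return 1 ;;
    esac

    # Stage 2: the SID must resolve back to a name.
    name=$(wbinfo -s "$sid" 2>/dev/null) || { printf 'SID->name: FAILED\n'; return 2; }
    printf 'SID->name: %s\n' "$name"

    # Stage 3: the SID must map to a Unix UID (this is where idmap is used).
    uid=$(wbinfo -S "$sid" 2>/dev/null) || { printf 'SID->UID: FAILED\n'; return 3; }
    printf 'SID->UID: %s\n' "$uid"

    # Stage 4: NSS must consult winbind for passwd lookups.
    if ! grep -Eq '^passwd:(.*[[:space:]])?winbind([[:space:]]|$)' "$NSSWITCH"; then
        printf 'nsswitch: FAILED (no winbind on the passwd line)\n'; return 4
    fi
    printf 'nsswitch: ok\n'

    # Stage 5: the full NSS path, as used by id and getent.
    entry=$(getent passwd "$user") || { printf 'getent: FAILED\n'; return 5; }
    printf 'getent: %s\n' "$entry"
}

# Run only when a user name is given on the command line.
if [ "$#" -gt 0 ]; then check_trusted_user "$1"; fi
```

A failure at stage 1 or 2 means winbind itself cannot resolve the user across the trust; a failure at stage 3 means the name resolves but no Unix ID is mapped for it.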