[Samba-it] Trusted Domain

Massimiliano Corno - GESP s.r.l. corno at gesp.it
Thu Apr 13 17:25:02 MDT 2006


Non riesco a fare mettere in Trusted due domini remoti.
Le due LAN sono connesse tramite VPN (OpenVPN).
Quando dalla LAN A eseguo il comando:

net rpc trustdom establish DOMB

ottengo il seguente output:
[2006/04/13 17:20:45, 0] utils/net_rpc.c:rpc_trustdom_establish(4387)
  Couldn't find domain controller for domain DOMB.

Ovviamente ho creato le entry sia in passwd che in samba (non uso ldap).

Qui di seguito riporto i due smb.conf

-- SERVER A

[global]
        workgroup = DOMA
	netbios name = SERV-A
        server string = Domain Server - Release 2.0
        interfaces = 10.0.0.1/255.255.255.0
        update encrypted = Yes
        min password length = 8
        passwd program = /usr/bin/passwd %u
        unix password sync = Yes
        log level = 3
        keepalive = 60
        add user script = /usr/sbin/useradd  -g machines -c Machine -d
/dev/null -s /bin/false %m$
        add machine script = /usr/sbin/useradd  -c Machine -d
/var/lib/nobody -s /bin/false %m$
        logon script = login.bat
        logon path = \\%N\profiles\%u
        logon drive = H:
        logon home = \\SERV-A\%u
        domain logons = Yes
        preferred master = Yes
        delete user script = /usr/sbin/userdel -r %u
        add group script = /usr/sbin/groupadd %g
        delete group script = /usr/sbin/groupdel %g
        add user to group script = /usr/sbin/gpasswd -a '%u' '%g'

###
# x il Trust
        idmap uid = 51000-60000
        idmap gid = 51000-60000

## Winbindd

        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind use default domain = Yes
        winbind enum users = yes
        winbind enum groups = yes
        wins support = Yes
        wins proxy = Yes
        dns proxy = Yes
        ldap ssl = no
        remote browse sync = 10.0.1.1
        name resolve order = lmhosts wins hosts
        admin users = @ntadmin
        hosts allow = 10.0.0., 10.0.1.

# ACLs

        nt acl support = yes
        inherit acls = yes
        map acl inherit = yes
        map archive = no
        map hidden = no
        map system = no
        store dos attributes = yes

[profiles]
        path = /home/samba/ntprofile
        read only = No
        create mask = 0600

[netlogon]
        path = /usr/local/samba/netlogon
        invalid users = @olduser
        write list = ntadmin
        browseable = No

[homes]
        comment = home-directory
        read only = No
        create mask = 0700
        directory mask = 0700
        browseable = No
        locking = No


-- SERVER B --

[Global]
         add user script = /usr/sbin/useradd -d /dev/null -g machines -s
/bin/false -M %u
         domain logons = yes
	 domain master = yes
	 encrypt passwords = yes
         unix password sync = Yes
         passwd program = /usr/bin/passwd %u
         update encrypted = yes
         add machine script = /usr/sbin/useradd  -c Machine -d
/var/lib/nobody -s /bin/false %m$
         hosts allow = 127.0.0.1, 10.0.0., 10.0.1.
     	 local master = yes
         log file = /var/log/samba.%m
         log level = 2
         logon path = \\%L\profiles\%u
         logon drive = h:
         logon script = login.bat
         max log size = 50
         netbios name = SERV-B
   	 os level = 64
   	 preferred master = yes
   	 security = user
	 server string = PDC - Samba %v
   	 workgroup = DOMB
   	 create mask = 0770
   	 directory mask = 0770

        idmap uid = 21000-30000
        idmap gid = 21000-30000

## Winbindd
        wins support = Yes
        winbind uid = 30000-50000
        winbind gid = 30000-50000
        winbind use default domain = Yes
  	wins proxy = Yes
        ldap ssl = no
	admin users = @ntadmin
	hosts allow = 192.168.10., 192.168.11., 192.168.69.
        remote browse sync = 10.0.0.1
        name resolve order = lmhosts wins hosts

[netlogon]
        comment = Network Logon Service
        path = /home/netlogon
        read only = yes
	browseable = no
        write list = @ntadmin
[homes]
   	comment = home-directory
   	browseable = no
   	writeable = yes

[profiles]
         admin users = @admuser
         path = /home/profiles
         writeable = yes
         browsable = no
         create mask = 0600
         directory mask = 0700


Qualcuno ha qualche idea?

Grazie
Max



More information about the samba-it mailing list