Help please...Winbind problem using trusted domains?

Walter_Prentice/Trimax at trimax.com Walter_Prentice/Trimax at trimax.com
Mon Dec 17 08:33:04 GMT 2001


Hi, I'm new to Samba and Winbind. After following the instructions I found
in the Samba docs and in this list, I finally configured a Samba server
using the Winbind services two weeks ago.

Everything was working fine one Monday ... until this Friday, when suddenly
winbind stopped showing the local domain groups.

I can actually access the shares I set up last week, but if I try to
see the NT groups from the shell (wbinfo -g) I get "Error looking up domain
groups", so if I try to change or assign a new NT group using the permission
tab on KDE I cannot see the NT groups.

Security is OK (wbinfo -t)


History/Environment:
I'm using RH 7.0 and Samba 2.2.2
We have two offices linked by a T1 (one in Canada, one in USA) with two NT
domains and a trust relationship established.
I need to add a local route to the Samba server in order to see the USA
domain.

Last week I had to remove the route needed to see the USA domain because
the server was really slow when trying to validate users or simply trying
to change or add permissions on KDE. Even the logon service stopped responding
(maybe timeout).

By doing this I was able to see only the local domain groups (Canada). I
did this because the "allow trusted domain" switch seems not to be working:
no matter what I set here, I was able to see the groups from the two domains
and it was really slow.

After this Friday, if I add the route again I'm able to see the USA
domain's groups but not the Canada (local) groups!


Could you please help me with these problems? I also have some questions
for you:

1. Is there a way to set Samba and winbind to work only with my local
domain?

2. Can we make the Samba server act as a BDC so that if we miss the winbind
service we can still gain access to the shares using the local security
information?

3. If I join the server to the domain again, will I have to set up the
security again (will the gid and uid numbers change)?

This is a copy of my smb.conf

# Samba config file created using SWAT
# from cto3nsfp (127.0.0.1)
# Date: 2001/12/17 10:17:43

# Global parameters

[global]
     workgroup = TRIMAX
     server string = File Server - Linux RH 7.0 Samba 2.2.2
     security = DOMAIN
     encrypt passwords = Yes
     allow trusted domains = No
     password server = GATE
     name resolve order = lmhosts wins host bcast
     addprinter command = /usr/bin/addprinter
     preferred master = False
     local master = No
     domain master = False
     dns proxy = No
     wins server = 142.67.0.10
     winbind uid = 10000-20000
     winbind gid = 10000-20000
     winbind cache time = 1800
     printer admin = trimax\walterp walterp
     hosts allow = 142.67.

[CIT Group]
     path = /home/Toronto/citgroup
     read only = No

[Marketing]
     path = /home/Toronto/marketing
     read only = No

[DriveN]
     path = /home/Toronto/public/nt1drivec
     read only = No
     inherit permissions = Yes
     guest ok = Yes

[DriveO]
     path = /home/Toronto/public/nt1drived
     read only = No
     inherit permissions = Yes
     guest ok = Yes

[DriveP]
     path = /home/Toronto/public/nt1drivee
     read only = No
     inherit permissions = Yes
     guest ok = Yes

[printers]
     comment = All Printers
     path = /var/spool/samba
     read only = No
     guest ok = Yes
     printable = Yes
     use client driver = Yes
     printer driver file =
     browseable = No

[print$]
     path = /usr/local/samba/printer
     read only = No
     inherit permissions = Yes
     guest ok = Yes
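
Added example, not part of the original post or of Samba: a small Python check that reads an smb.conf like the one above, reports whether trusted domains are allowed, and lists shares that a guest can write to. The function names are hypothetical, the sample is a constructed excerpt of the posted file, and the parser assumes Samba's documented rules (case- and whitespace-insensitive parameter names, the `public` and `writable` synonyms, share values falling back to `[global]`).

```python
import re

# Constructed sample: excerpt of the smb.conf posted above, values unchanged.
SAMPLE = """\
[global]
allow trusted domains = No
[CIT Group]
read only = No
[DriveN]
read only = No
guest ok = Yes
[print$]
read only = No
guest ok = Yes
"""

TRUE = {"yes", "true", "1"}
# smb.conf synonyms: name -> (canonical name, value is inverted)
SYNONYMS = {"public": ("guestok", False), "writeable": ("readonly", True),
            "writable": ("readonly", True), "writeok": ("readonly", True)}

def parse(text):
    """Return {section: {param: value}}; param names and values are lowercased."""
    conf, section = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip()
            section = "global" if name.lower() == "global" else name
            conf.setdefault(section, {})
        elif "=" in line and section is not None and line[0] not in "#;":
            name, value = line.split("=", 1)
            name = re.sub(r"\s+", "", name).lower()   # "guest ok" == "GuestOK"
            name, inverted = SYNONYMS.get(name, (name, False))
            value = value.strip().lower()
            if inverted:
                value = "no" if value in TRUE else "yes"
            conf[section][name] = value
    return conf

def flag(conf, share, name, default):
    return conf[share].get(name, conf.get("global", {}).get(name, default)) in TRUE

def guest_writable(conf):
    # Samba defaults: guest ok = no, read only = yes
    return [s for s in conf if s != "global" and flag(conf, s, "guestok", "no")
            and not flag(conf, s, "readonly", "yes")]

def trusted_domains_allowed(conf):
    # Samba default when the parameter is absent: yes
    return conf.get("global", {}).get("allowtrusteddomains", "yes") in TRUE
```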








