[Samba] Re: Trusting and trusted domain (home mapping) problem

Adrian Chow achow at uwcsea.edu.sg
Sat Nov 6 04:41:21 GMT 2004 

Hi Igor,

Thanks so much for troubleshooting all this while and we found out none of our configuration is the problem but the source code.  Hope that the samba team will modify to a working code so that I can deploy it.

Actually my dateline to deploy is coming soon and I do not know what to do now.....  when do you think the code will be modified and be released?

Thanks so much for your help.

adrian

---------- Original Message ----------------------------------
From: Igor Belyi <sambauser at katehok.ac93.org>
Date:  Fri, 05 Nov 2004 12:03:46 -0500

>Adrian Chow wrote:
>
>> Hi Igor (and samba team),
>>
>> I have done the following:-
>> -I have upgraded the samba versions of the both servers to be the same.
>> -The ldap servers are in the same version.
>> -DomainAPDC and DomainBPDC has winbind in nsswitch
>> -wbinfo all works.
>> -"getent group" and "getent passwd" shows ldap entries of local domain 
>> and winbind entries of the remote domain.
>> -However I still cannot map the home directory of the Domain_B_user 
>> when I log into Domain_B on Domain_A_XP computer.
>> - smbclient //domain_A_PDC/shared -U domain_B/domain_B_user is working.
>>
>> The command I run on the command prompt (which will work) if I am 
>> Domain_A_user into Domain_A on Domain_A_XP_computer is "net use x: 
>> /home".  But before I map it, the home directory is already mapped 
>> based on the sambahomepath and sambahomedrive in the ldap entries.  I 
>> am using the "net use" command to do testing.
>> If I were to run the same "net use x: /home" command as a 
>> Domain_B_User logging into Domain_B on Domain_A_XP_computer, the home 
>> directory never gets mapped.  Igor has make it work on his server but 
>> I am still stuck.  (Igor, if you run "net use z: /home" command as the 
>> Domain_B_User logging into Domain_B on DOmain_A_XP, does it work?)
>
>I think there's some miscommunication involved. :)
>
>User's home directory does get mapped during login according to 
>sambaHomePath and sambaHomeDrive LDAP entries. I can verify this by 
>looking at the "net use" output. However, when I run "net use x: /home" 
>it gives me an error: "The user's home directory could not be 
>determined." Accroding to DomainA log during this call the user's home 
>share get created on ServerA (PDC for DomainA) instead of using the one 
>specified as sambaHomePath:
>
>[2004/11/05 08:17:44, 3] param/loadparm.c:lp_add_home(2341)
>  adding home's share [testA] for user 'DOMAINA\testA' at 
>'/home/DOMAINA/testA'
>
>I'm still investigating if this is based solely on XP request (XP side 
>problem) of if this is a way Samba responds on a general "net use x: 
>/home" request (Samba side problem).
>
>>
>> On my winbind log on Domain_A_PDC, I get the following :-
>>
>> legend:-
>> uwcstu is domain_B
>> grade2 is domain_B_user
>> 10000 is gid of DomainB\Domain Users group on Domain_A_PDC.
>> staff is domain A
>>
>> -----------------------------------------
>>
>> [2004/11/05 19:10:16, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(124)
>>   [29440]: getpwnam uwcstu\grade2
>> [2004/11/05 19:10:16, 3] 
>> nsswitch/winbindd_group.c:winbindd_getgroups(1030)
>>   [29440]: getgroups UWCSTU\grade2
>> [2004/11/05 19:10:16, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(374)
>>   [29440]: gid to sid 10000
>> [2004/11/05 19:10:16, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(124)
>>   [29440]: getpwnam uwcstu\grade2
>> [2004/11/05 19:10:16, 3] nsswitch/winbindd_group.c:winbindd_getgrnam(243)
>>   [29440]: getgrnam grade2
>> [2004/11/05 19:10:16, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2008)
>>   ldapsam_getgroup: Did not find group
>> [2004/11/05 19:10:16, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(298)
>>   group grade2 in domain STAFF does not exist
>>
>> ----------------------------------------------------------------
>>
>> Questions:-
>> 1. Why domain_A_PDC will try to getgrnam "grade2"? How did grade2 
>> ended up as a group and not a user?
>>
>> 2.  Isn't it supposed to be getgrnam "UWCSTU\Domain Users" since 
>> winbindd_gid_to_sid is converting 10000 to "UWCSTU\Domain Users"?
>>
>> 3.  Any commands for me to test getgroups?
>>
>> 4.  Any ideas how to proceed on?
>
>I have similar problem - the same errors in winbind log. I'm 
>investigating this as well. I actually have 2 groups for userA and one 
>gets mapping into user's name with domain stripped out, another into 
>'tty'. I suspect it's a Samba bug. But, again - it does not cause 
>problems with automatic map of user home.
>
>The only suggestion I have at the moment is to look into the source...
>
>Igor
>
>

More information about the samba mailing list