[Samba] Re: Trusting and Trusted Domain Samba LDAP (mapping Home
Directories) Problem
Adrian Chow
achow at uwcsea.edu.sg
Fri Oct 22 01:59:55 GMT 2004
Hi Igor,
Thanks for giving it a shot. Maybe by asking questions I get to clarify
something.
1. What do you mean by Shares specified with Domain?
My 2 PDCs are having the default \\%N\%U at the logon home path in the
smb.conf.
However, under LDAP, each user (in both domains) has a
sambaHomePath and sambaHomeDrive attribute. And the home path is not
necessarily pointing to the PDC. It could be a remote server which is a
domain member of the respective PDC. Hence I have set it up such that
each domain has a different attribute. I did not change the smb.conf
configuration on the "logon home".
Domain A user may point to \\domain_member_server_of_DomA\%U
Domain B user may point to \\PDC_of_DomB\%U
I also tested that the attributes in LDAP overwrite the smb.conf "logon
home".
Likewise I got the same signs. ClientXP joins Domain A. Logs in as
Domain A user. Able to map all drives specified in LDAP for Domain A and
also load the login script specified in LDAP for Domain A.
ClientXP then logs in as Domain B user. Unable to map anything and fails
to load the login scripts.
Vice versa. It depends on which Domain the Client joins.
In the syslogs on both PDCs (Client joins DomA), I found out that
somehow they are querying the LDAP_DomA for the user_DomB when I log in to
Dom B. It is weird, it should just query PDC_Dom_B for the user and
then allow it to map. However, in the syslog, I saw it queries PDC_DomB
first and then queries LDAP_DomA for user_Dom B..... it is weird. As if
the query to PDC_Dom_B had failed. But in the syslog, NO
errors, and PDC_Dom_B checks its own LDAP and returns all the attributes
for the users.
Thanks.
adrian
Igor Belyi wrote:
> I can take a shot at explaining the behavior and if I'm too far off I hope
> I'll be corrected.
>
> When you select Domain into which you want to login you specify the
> Domain where your credentials (username and password) should be verified
> but shares specified without Domain will be retrieved from the Domain
> your XP client belongs to.
>
> I think what you want is to have 'logon home = \\%D\%U' instead of the
> one you get by default: '\\%N\%U'
>
> Hope it helps,
> Igor
>
> Adrian Chow wrote:
>
>> Hi,
>>
>> Here is my scenario:-
>> 1. I got 1 LDAP server with two domains (A & B) configured to it.
>> 2. Both domain PDCs are fully trusted to one another. I did the
>> "trustdom establish" both ways.
>> 3. I have 1 XP client that has joined Dom A. The login bar can allow
>> you to login to 2 domains.
>> 4. I can manage to log in to both domains.
>> 5. I got all the sambaHomePath and home drive done properly on both
>> servers in terms of LDAP portions.
>>
>>
>> Problem:-
>> When I login (from XP client) to Dom A, no problem. The home drive
>> gets mapped.
>> When I login to Dom B, the home drive never gets mapped. The login
>> scripts never run. "net use x: /home" on the xp client says: "the
>> user home directory cannot be determined." But \\domB\homes on
>> windows explorer worked!!
>>
>> I turn all syslog to debug and check everything on BOTH PDCs. NO
>> errors! What is going wrong?
>>
>> Funny thing is that the Dom A PDC will query the Dom B for passwd auth
>> check during the "net use x: /home". Then it will query itself for
>> the sambaHomeDrive details and such.... no errors at all... but
>> logging in to Dom B cannot do it.
>>
>> I have also tried unjoining Dom A and rejoining Dom B. The result is
>> vice versa. That means logging in to Dom B got no problems in terms
>> of mapping. But logging in to Dom A got problems.....
>>
>>
>> Can anyone shed some light on this for me? I was about to do mass
>> deployment. My version of Samba is 3.07 for Dom B and 3.04 for Dom A.
>> They are running on Debian.
>>
>> Thanks.
>>
>> adrian
>>
>
>
>