[Samba] Re: Trusting and Trusted Domain Samba LDAP (mapping Home Directories) Problem

Adrian Chow achow at uwcsea.edu.sg
Fri Oct 22 01:59:55 GMT 2004

Hi Igor,

Thanks for giving it a shot.  Maybe by asking questions I get to clarify 

1.  What do you mean by Shares specified with Domain?

My 2 PDCs are having the default \\%N\%U at the logon home path in the 
However, under LDAP, each user (in both domains) are having a 
sambaHomePath and sambaHomeDrive attribute.  And the home path is not 
necessary pointing to the PDC.  It could be a remote server which is a 
domain member of the respective PDC.  Hence I have setup such that the 
each domain have a different atttribute.  I did not change the smb.conf 
configuration on the "logon home".
Domain A user may point to \\domain_member_server_of_DomA\%U
Domain B user may point to \\PDC_of_DomB\%U

I also tested that the attributes in LDAP overwrites the smb.conf "logon 

Likewise I got the same signs.  ClientXP joins Domain A.  Logins as 
Domain A user. Able to map all drive specified in LDAP for domain A and 
also load the login script specified in LDAP for Domain A.
ClientXP then logins as Domain B user.  Unable to map anything and fail 
to load the login scripts.
Vice Versa.  It depends whether the Client joins which Domain.

In the syslogs on both PDCs, (Client Joins DomA) I found out that some 
how they are querying the LDAP_DomA for the user_DomB, when I login to 
the dom B.  It is weird, it should just query PDC_Dom_B for the user and 
then allow it to map.  However on the syslog, I saw it queries PDC_DomB 
first and then queries LDAP_DomA for user_Dom B..... it is weird.  As if 
the query failed for asking from PDC_Dom_B.  But on the syslog, NO 
errors and PDC_Dom_B checks its own LDAP and returns all the attributes 
for the users.



Igor Belyi wrote:
> I can give a shoot at explaining the behavior and if I'm too off I hope 
> I'll be corrected.
> When you select Domain into which you want to login you specify the 
> Domain where your credentials (username and password) should be verified 
> but shares specified without Domain will be retrieved from the Domain 
> your XP client belongs to.
> I think what you want is to have 'logon home = \\%D\%U' instead of the 
> one you get by default: '\\%N\%U'
> Hope it helps,
> Igor
> Adrian Chow wrote:
>> Hi,
>> Here is my scenario:-
>> 1.  I got 1 LDAP server with two domains (A & B) configured to it.
>> 2.  Both domain PDCs are fully trusted to one another.  I did the 
>> "trustdom establish" both ways.
>> 3.  I have 1 XP client that has joined Dom A.  The login bar can allow 
>> you to login to 2 domains.
>> 4.  I can managed to login to both domains.
>> 5.  I got all the sambaHomePath and home drive done properly on both 
>> servers in terms of LDAP portions.
>> Problem:-
>> When I login (from XP client) to Dom A, no problem.  The home drive 
>> gets mapped.
>> When I login to Dom B, the home drive never gets mapped.  The login 
>> scripts never run.  "net use x: /home" on the xp client says: "the 
>> user home directory cannot be determined."  But \\domB\homes on 
>> windows explorer worked!!
>> I turn all syslog to debug and check everything on BOTH PDCs.  NO 
>> errors!  What is going wrong?
>> Funny thing is that the Dom A PDC will query the Dom B for passwd auth 
>> check during the "net use x: /home".  Then it will query itself for 
>> the sambaHomeDrive details and such.... no errors at all... but 
>> logging in to Dom B cannot do it.
>> I have also tried unjoining Dom A and rejoining Dom B.  The results is 
>> vice versa.  That means Logging in to Dom B got no problems in terms 
>> of mapping.  But Logging in to Dom A got problems.....
>> Can anyone shed a light for me in this?  I was about to do mass 
>> deployment.  My version of Samba is 3.07 for Dom B and 3.04 for Dom A. 
>> They are running on Debian.
>> Thanks.
>> adrian

More information about the samba mailing list