[Samba] Re: Trusting and Trusted Domain Samba LDAP (mapping Home Directories) Problem

Igor Belyi sambauser at katehok.ac93.org
Fri Oct 22 22:26:08 GMT 2004

Adrian Chow wrote:

> Hi Igor,
> Thanks for giving it a shot.  Maybe by asking questions I get to 
> clarify something.
> 1.  What do you mean by Shares specified with Domain?

When you run 'net user X: /homes' you do not specify a domain to get 
[homes] shares from. On the other hand using \\DomB\homes - does.

> My 2 PDCs are having the default \\%N\%U at the logon home path in the 
> smb.conf.
> However, under LDAP, each user (in both domains) are having a 
> sambaHomePath and sambaHomeDrive attribute.  And the home path is not 
> necessary pointing to the PDC.  It could be a remote server which is a 
> domain member of the respective PDC.  Hence I have set up such that 
> each domain has a different attribute.  I did not change the 
> smb.conf configuration on the "logon home".
> Domain A user may point to \\domain_member_server_of_DomA\%U
> Domain B user may point to \\PDC_of_DomB\%U
> I also tested that the attributes in LDAP overwrites the smb.conf 
> "logon home".
> Likewise I got the same signs.  ClientXP joins Domain A.  Logins as 
> Domain A user. Able to map all drive specified in LDAP for domain A 
> and also load the login script specified in LDAP for Domain A.
> ClientXP then logins as Domain B user.  Unable to map anything and 
> fail to load the login scripts.
> Vice versa.  It depends on which Domain the Client joins.
> In the syslogs on both PDCs, (Client Joins DomA) I found out that some 
> how they are querying the LDAP_DomA for the user_DomB, when I login to 
> the dom B.  It is weird, it should just query PDC_Dom_B for the user 
> and then allow it to map.  However on the syslog, I saw it queries 
> PDC_DomB first and then queries LDAP_DomA for user_Dom B..... it is 
> weird.  As if the query failed for asking from PDC_Dom_B.  But on the 
> syslog, NO errors and PDC_Dom_B checks its own LDAP and returns all 
> the attributes for the users.

I've tried to reproduce your problem and was surprised to see that I've 
got your expected behavior.

I've got DomainA, served by ServerA and DomainB, served by ServerB. I 
have a user 'user' in both domains but in DomainA it has 'sambaHomeDrive 
= Z:' and 'sambaHomePath = \\ServerA\user' while in DomainB it has 
'sambaHomeDrive = X:' and 'sambaHomePath = \\ServerB\user'. I joined 
ClientXP to DomainA. When I login as a user 'user' into DomainA on this 
ClientXP I get home mapped on Z: and files are from ServerA. When I 
login as a user 'user' into DomainB I get home mapped on X: and files 
are from ServerB.

I haven't tried this yet with users present only in one domain and not in 
the other.

BTW, can you share your smbd logs? It could help to understand what 
happens in your setup.


> Thanks.
> adrian
> Igor Belyi wrote:
>> I can give a shot at explaining the behavior and if I'm too off I 
>> hope I'll be corrected.
>> When you select Domain into which you want to login you specify the 
>> Domain where your credentials (username and password) should be 
>> verified but shares specified without Domain will be retrieved from 
>> the Domain your XP client belongs to.
>> I think what you want is to have 'logon home = \\%D\%U' instead of 
>> the one you get by default: '\\%N\%U'
>> Hope it helps,
>> Igor
>> Adrian Chow wrote:
>>> Hi,
>>> Here is my scenario:-
>>> 1.  I got 1 LDAP server with two domains (A & B) configured to it.
>>> 2.  Both domain PDCs are fully trusted to one another.  I did the 
>>> "trustdom establish" both ways.
>>> 3.  I have 1 XP client that has joined Dom A.  The login bar can 
>>> allow you to login to 2 domains.
>>> 4.  I can manage to login to both domains.
>>> 5.  I got all the sambaHomePath and home drive done properly on both 
>>> servers in terms of LDAP portions.
>>> Problem:-
>>> When I login (from XP client) to Dom A, no problem.  The home drive 
>>> gets mapped.
>>> When I login to Dom B, the home drive never gets mapped.  The login 
>>> scripts never run.  "net use x: /home" on the xp client says: "the 
>>> user home directory cannot be determined."  But \\domB\homes on 
>>> windows explorer worked!!
>>> I turn all syslog to debug and check everything on BOTH PDCs.  NO 
>>> errors!  What is going wrong?
>>> Funny thing is that the Dom A PDC will query the Dom B for passwd 
>>> auth check during the "net use x: /home".  Then it will query itself 
>>> for the sambaHomeDrive details and such.... no errors at all... but 
>>> logging in to Dom B cannot do it.
>>> I have also tried unjoining Dom A and rejoining Dom B.  The result 
>>> is vice versa.  That means Logging in to Dom B got no problems in 
>>> terms of mapping.  But Logging in to Dom A got problems.....
>>> Can anyone shed a light for me in this?  I was about to do mass 
>>> deployment.  My version of Samba is 3.07 for Dom B and 3.04 for Dom 
>>> A. They are running on Debian.
>>> Thanks.
>>> adrian

