[Samba] Re: Trusting and Trusted Domain Samba LDAP (mapping Home Directories) Problem

Adrian Chow achow at uwcsea.edu.sg
Sat Oct 23 06:27:30 GMT 2004


Hi Igor,

I am no samba expert.  Reading your email produced 2 thoughts.

1.  If I have not read wrongly, you DID NOT manage to reproduce my scenario, cos when you joined Domain A and logged in as a user of DomB, you got the expected result: Domain B's sambahomepath and drive get mapped to user B.  My result was this:
I joined Domain A, logged in as a user of Dom B, and I did NOT get Domain B's sambahomepath and drive for the specific user of Dom B.

I am mentioning this cos you said "I've tried to reproduce your problem and was surprised to see that I've got your expected behavior."

2.  If you managed to map wherever you joined, GREAT.  That means I've got hope.  God, I wanted to give up on samba already.  Do you believe I tried 2 days just to troubleshoot this problem?????

I do not know what logs you want.  Maybe you can specify for me.  Any way I can call you?  I am anxious to get the domain running.  I do not know how to paste as well cos it is very long.

My ldap settings may be weird. I got the same tree for my ldap settings.  The main suffix is dc=uwcsea,dc=org.  Then the DomA is ou=staffnet,dc=uwcsea,dc=org.  Dom B is ou=studentnet,dc=uwcsea,dc=org.  All the domain controllers are replicas of the main LDAP server which is running version 2.0 of OpenLDAP.  (DEBIAN).

My libnssldap.conf, pam_ldap.conf and ldap.conf are using base=dc=uwcsea,dc=org cos I need to see both sides of the domain, right?  Getent passwd works.  But some other stuff may not work as expected.  The main thing is that logging in as users of both domains is fine.

BTW, I do not have uid=root.  One side is uid=Administrator and the other uid=stuadmin.  All their uids are 0.

I noted that uid=root is very required to do "net rpc trustdom list".  Anyway my brains are stuffed.
 
Thanks for the glimpse of hope.  Please give suggestions as I really need them.  THANKS a lot for testing out on your side.

adrian




 

---------- Original Message ----------------------------------
From: Igor Belyi <sambauser at katehok.ac93.org>
Date:  Fri, 22 Oct 2004 18:26:08 -0400

>Adrian Chow wrote:
>
>> Hi Igor,
>>
>> Thanks for giving it a shot.  Maybe by asking questions I get to 
>> clarify something.
>>
>> 1.  What do you mean by Shares specified with Domain?
>
>When you run 'net user X: /homes' you do not specify a domain to get 
>[homes] shares from. On the other hand using \\DomB\homes - does.
>
>>
>> My 2 PDCs are having the default \\%N\%U at the logon home path in the 
>> smb.conf.
>> However, under LDAP, each user (in both domains) has a 
>> sambaHomePath and sambaHomeDrive attribute.  And the home path is not 
>> necessary pointing to the PDC.  It could be a remote server which is a 
>> domain member of the respective PDC.  Hence I have set it up such that 
>> each domain has a different attribute.  I did not change the 
>> smb.conf configuration on the "logon home".
>> Domain A user may point to \\domain_member_server_of_DomA\%U
>> Domain B user may point to \\PDC_of_DomB\%U
>>
>> I also tested that the attributes in LDAP overwrites the smb.conf 
>> "logon home".
>>
>> Likewise I got the same signs.  ClientXP joins Domain A.  Logs in as 
>> Domain A user. Able to map all drive specified in LDAP for domain A 
>> and also load the login script specified in LDAP for Domain A.
>> ClientXP then logs in as Domain B user.  Unable to map anything and 
>> fail to load the login scripts.
>> Vice Versa.  It depends on which Domain the Client joins.
>>
>> In the syslogs on both PDCs, (Client Joins DomA) I found out that some 
>> how they are querying the LDAP_DomA for the user_DomB, when I login to 
>> the dom B.  It is weird, it should just query PDC_Dom_B for the user 
>> and then allow it to map.  However on the syslog, I saw it queries 
>> PDC_DomB first and then queries LDAP_DomA for user_Dom B..... it is 
>> weird.  As if the query failed for asking from PDC_Dom_B.  But on the 
>> syslog, NO errors and PDC_Dom_B checks its own LDAP and returns all 
>> the attributes for the users.
>
>I've tried to reproduce your problem and was surprised to see that I've 
>got your expected behavior.
>
>I've got DomainA, served by ServerA and DomainB, served by ServerB. I 
>have a user 'user' in both domains but in DomainA it has 'sambaHomeDrive 
>= Z:' and 'sambaHomePath = \\ServerA\user' while in DomainB it has 
>'sambaHomeDrive = X:' and 'sambaHomePath = \\ServerB\user'. I joined 
>ClientXP to DomainA. When I login as a user 'user' into DomainA on this 
>ClientXP I get home mapped on Z: and files are from ServerA. When I 
>login as a user 'user' into DomainB I get home mapped on X: and files 
>are from ServerB.
>
>I haven't tried this yet with users present only in one domain and not in 
>the other.
>
>BTW, can you share your smbd logs? It could help to understand what 
>happens in your setup.
>
>Thanks,
>Igor
>
>> Thanks.
>>
>> adrian
>>
>> Igor Belyi wrote:
>>
>>> I can give a shot at explaining the behavior and if I'm too off I 
>>> hope I'll be corrected.
>>>
>>> When you select Domain into which you want to login you specify the 
>>> Domain where your credentials (username and password) should be 
>>> verified but shares specified without Domain will be retrieved from 
>>> the Domain your XP client belongs to.
>>>
>>> I think what you want is to have 'logon home = \\%D\%U' instead of 
>>> the one you get by default: '\\%N\%U'
>>>
>>> Hope it helps,
>>> Igor
>>>
>>> Adrian Chow wrote:
>>>
>>>> Hi,
>>>>
>>>> Here is my scenario:-
>>>> 1.  I got 1 LDAP server with two domains (A & B) configured to it.
>>>> 2.  Both domain PDCs are fully trusted to one another.  I did the 
>>>> "trustdom establish" both ways.
>>>> 3.  I have 1 XP client that has joined Dom A.  The login bar can 
>>>> allow you to login to 2 domains.
>>>> 4.  I can manage to login to both domains.
>>>> 5.  I got all the sambaHomePath and home drive done properly on both 
>>>> servers in terms of LDAP portions.
>>>>
>>>>
>>>> Problem:-
>>>> When I login (from XP client) to Dom A, no problem.  The home drive 
>>>> gets mapped.
>>>> When I login to Dom B, the home drive never gets mapped.  The login 
>>>> scripts never run.  "net use x: /home" on the xp client says: "the 
>>>> user home directory cannot be determined."  But \\domB\homes on 
>>>> windows explorer worked!!
>>>>
>>>> I turn all syslog to debug and check everything on BOTH PDCs.  NO 
>>>> errors!  What is going wrong?
>>>>
>>>> Funny thing is that the Dom A PDC will query the Dom B for passwd 
>>>> auth check during the "net use x: /home".  Then it will query itself 
>>>> for the sambaHomeDrive details and such.... no errors at all... but 
>>>> logging in to Dom B cannot do it.
>>>>
>>>> I have also tried unjoining Dom A and rejoining Dom B.  The result 
>>>> is vice versa.  That means Logging in to Dom B got no problems in 
>>>> terms of mapping.  But Logging in to Dom A got problems.....
>>>>
>>>>
>>>> Can anyone shed a light for me in this?  I was about to do mass 
>>>> deployment.  My version of Samba is 3.07 for Dom B and 3.04 for Dom 
>>>> A. They are running on Debian.
>>>>
>>>> Thanks.
>>>>
>>>> adrian
>>>>
>>>
>>>
>>>
>>
>
>
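
Added example (not part of the original message or of Samba itself): with one LDAP suffix holding both domains under separate OUs and the NSS/PAM base set to the common suffix, as described in this thread, the Python check below reads an LDIF export and reports each uid's sambaHomePath and sambaHomeDrive per OU, which uids exist under more than one OU, and which entries carry uidNumber 0. The sample entries and the function names are constructed for illustration; the ServerA/ServerB values mirror Igor's test setup.

```python
import base64, re
from collections import defaultdict

# Constructed sample export (not from the thread): one suffix, one OU per domain.
SAMPLE_LDIF = r"""dn: uid=Administrator,ou=staffnet,dc=uwcsea,dc=org
uid: Administrator
uidNumber: 0

dn: uid=stuadmin,ou=studentnet,dc=uwcsea,dc=org
uid: stuadmin
uidNumber: 0

dn: uid=user,ou=staffnet,dc=uwcsea,dc=org
uid: user
sambaHomePath: \\ServerA\user
sambaHomeDrive: Z:

dn: uid=user,ou=studentnet,dc=uwcsea,dc=org
uid: user
sambaHomePath:: XFxTZXJ2ZXJCXHVzZXI=
sambaHomeDrive: X:
"""

def parse_ldif(text):
    """Parse LDIF into {lowercased attribute: [values]} dicts; undoes RFC 2849 folding."""
    entries, cur = [], defaultdict(list)
    for line in text.replace("\n ", "").splitlines() + [""]:  # "" flushes last entry
        if not line.strip():
            if cur:
                entries.append(dict(cur))
            cur = defaultdict(list)
        elif not line.startswith("#"):
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: value" is base64-encoded
                rest = base64.b64decode(rest[1:]).decode("utf-8")
            cur[name.lower()].append(rest.strip())
    return entries

def audit(entries):
    """Return (uid -> {ou: (home path, home drive)}, uids in >1 OU, uidNumber-0 DNs)."""
    homes, uid0 = defaultdict(dict), []
    for e in entries:
        if "uid" not in e:  # skip container entries such as the OUs themselves
            continue
        ou = re.search(r",\s*ou=([^,]+)", e["dn"][0], re.I)  # assumes no escaped commas
        homes[e["uid"][0]][ou.group(1) if ou else None] = (
            e.get("sambahomepath", [None])[0], e.get("sambahomedrive", [None])[0])
        if e.get("uidnumber") == ["0"]:
            uid0.append(e["dn"][0])
    dupes = sorted(u for u, per_ou in homes.items() if len(per_ou) > 1)
    return dict(homes), dupes, uid0
```

Calling `audit(parse_ldif(SAMPLE_LDIF))` on the constructed sample lists `user` as present under both OUs with a different home path and drive in each, and returns both uidNumber 0 DNs.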

