[Samba] Re: Trusting and Trusted Domain Samba LDAP (mapping Home Directories) Problem

Igor Belyi sambauser at katehok.ac93.org
Wed Oct 27 14:51:50 GMT 2004

Adrian Chow wrote:

> Hi Igor,
> Thanks for your prompt reply.
> Just curious whether you have read my previous email regarding the 
> different setup for my side.  I have :-
> Domain A controller :- openldap 2.1.23 (slave), samba 3.04 (PDC)
> Domain B controller :- openldap 2.1.30-3 (slave), samba 3.07 (PDC)
> Main LDAP server : - openldap 2.0.27-3.bunk (master).

So you have the same LDAP directory for both PDCs? Can you show smb.conf 
for both PDCs? How did you configure your LDAP slaves - do they have 
write access to the entries the PDC uses?

> Question 1:- Wonder if there will be a problem with the openldap 
> setup?  Should I upgrade all the LDAP to have same version?

Since we don't know yet what kind of problem you face, it's difficult to 
say if the LDAP version matters. My guess is it does not and that the newer 
the version you have, the better.

> Question 2:- If I were to upgrade Domain A to samba 3.07 (as I thought 
> there could be a potential problem with the trusting/trusted domains), 
> any clue of how can I upgrade to samba 3.07 without losing the SID or 
> any problems?    I was thinking of doing the following:-
> 1.  Backup the smb.conf file

I don't think smb.conf gets changed during upgrade, but backups never hurt.

> 2.  smbldap-conf file (containing the SID number).

It will make sense if you plan to update smbldap tools as well. Note 
that the Domain SID which Samba uses is kept in an LDAP entry and the one 
written in the smbldap-conf file should mirror it. And since it is kept in 
LDAP, an upgrade of Samba 3.x should not cause it to change. I don't remember 
big changes in smbldap-conf between the 3.0.4 and 3.0.7 Sambas, but I would 
recommend looking at the 'diff' between the backed-up and newly installed 
versions to verify that.

> Is there any thing I left out?  Will the SID be changed?  The reason I 
> ask was because I already got a domain member server under domain A 
> (samba 3.04) and I do not want to lose the SID cos I have like 260 
> users' home directory in that domain member server (windows 2003 
> server).
> Thanks in advance.
> Regards,
> adrian
> Igor Belyi wrote:
>> Sorry... Got busy with something else. I'll try to do the test with 
>> different users tomorrow. There could be a problem with my previous 
>> test since the user present in both Domains also has the same 
>> password and this may allow credentials from one domain to somehow be 
>> used in another.
>> If you would collect trace for both 'login' and 'net user x: /home' 
>> times - it will be great. Make sure that trace is with 'log level = 
>> 5' and if you have more than one machine that you collect trace for 
>> the Client XP machine (probably, by including %m in the 'log file').
>> I apologize for the delay.
>> Igor
>> Adrian Chow wrote:
>>> Hi Igor,
>>> Wondering have you tried to one the scenario when a domain B user 
>>> logins on domain A machine where the domain B username is not found 
>>> in domain A machine?  Can you still map the drives?
>>> Also you were asking for the smbd files.... how should I get them? 
>>> During when I login or during when I typed the command "net use x: 
>>> /home" on the dos prompt?
>>> Thanks.  Just concerned as I have not heard from you.
>>> adrian
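
The check described in the reply above (the SID written in the smbldap config should mirror the one in the LDAP domain entry), as an added example that is not part of the original thread. It assumes the `sambaDomain` entry carries `sambaDomainName` and `sambaSID` attributes and that the config holds a `SID="..."` line; the LDIF, config text, domain names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the domain SID stored in LDAP with the copy in the
# smbldap-tools config, before and after an upgrade. All data is constructed.
# On a live system the LDIF could come from something like (base DN is a
# placeholder):
#   ldapsearch -x -LLL -b "<base-dn>" '(objectClass=sambaDomain)' sambaDomainName sambaSID

# Print the sambaSID of the sambaDomain entry named $1 from LDIF on stdin.
# Entries are separated by blank lines; the domain name match ignores case.
ldif_domain_sid() {
    awk -v dom="$1" '
        /^$/ { if (toupper(name) == toupper(dom) && sid != "") print sid
               name = ""; sid = "" }
        tolower($1) == "sambadomainname:" { name = $2 }
        tolower($1) == "sambasid:"        { sid = $2 }
        END  { if (toupper(name) == toupper(dom) && sid != "") print sid }
    '
}

# Print the first active SID= value from config text on stdin.
# Quotes are stripped and commented-out lines are ignored.
conf_sid() {
    sed -n 's/^[[:space:]]*SID[[:space:]]*=[[:space:]]*"\{0,1\}\(S-[0-9-]*\)"\{0,1\}.*$/\1/p' | head -n 1
}

# Return 0 only when both SIDs are present and identical.
sids_match() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Constructed sample: two domains in one directory, as in the thread's setup.
SAMPLE_LDIF='dn: sambaDomainName=DOMA,dc=example,dc=org
objectClass: sambaDomain
sambaDomainName: DOMA
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: sambaDomainName=DOMB,dc=example,dc=org
objectClass: sambaDomain
sambaDomainName: DOMB
sambaSID: S-1-5-21-4444444444-5555555555-6666666666'

# Constructed sample config with one stale, commented-out SID line.
SAMPLE_CONF='# SID="S-1-5-21-0000000000-0000000000-0000000000"
SID="S-1-5-21-1111111111-2222222222-3333333333"'

ldap_sid=$(printf '%s\n' "$SAMPLE_LDIF" | ldif_domain_sid DOMA)
file_sid=$(printf '%s\n' "$SAMPLE_CONF" | conf_sid)
if sids_match "$ldap_sid" "$file_sid"; then
    echo "OK: config mirrors LDAP ($ldap_sid)"
else
    echo "MISMATCH: LDAP=$ldap_sid config=$file_sid"
fi
```

Running the same comparison before and after the upgrade, and keeping the pre-upgrade output with the backups, gives a record of the SID that member servers and file ownership depend on.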
