[Samba] Re: Trusting and Trusted Domain Samba LDAP (mapping Home Directories)Problem

Igor Belyi sambauser at katehok.ac93.org
Thu Oct 28 05:13:49 GMT 2004

I've tried to login with a user testB which exists in DomainB but not in 
DomainA (Client XP is a DomainA member) and noticed that there's an 
attempt in DomainA to create a local user testB. I'm trying to 
investigate if there any problem with my winbind setup in DomainA...

I'll keep you posted.

Igor Belyi wrote:

> Adrian Chow wrote:
>> Hi Igor,
>> Thanks for your prompt reply.
>> Just curious whether you have read my previous email regarding the 
>> different setup for my side.  I have :-
>> Domain A controller :- openldap 2.1.23 (slave), samba 3.04 (PDC)
>> Domain B controller :- openldap 2.1.30-3 (slave), samba 3.07 (PDC)
>> Main LDAP server : - openldap 2.0.27-3.bunk (master).
> So you have the same LDAP directory for both PDCs? Can you show 
> smb.conf for both PDCs? How did you configure your LDAP slaves - do 
> they have write access to the entries PDC uses?
>> Question 1:- Wonder if there will be a problem with the openldap 
>> setup?  Should I upgrade all the LDAP to have same version?
> Since we don't know yet what kind of problem you face it's difficult 
> to say if LDAP version matters. My guess is it does not and that the 
> newer version you have the better.
>> Question 2:- If I were to upgrade Domain A to samba 3.07 (as I 
>> thought there could be a potential problem with the trusting/trusted 
>> domains), any clue of how can I upgrade to samba 3.07 without losing 
>> the SID or any problems?    I was thinking of doing the following:-
>> 1.  Backup the smb.conf file
> I don't think smb.conf gets changed during upgrade, but backups never 
> hurt.
>> 2.  smbldap-conf file (containing the SID number).
> It will make sense if you plan to update smbldap tools as well. Note, 
> that Domain SID which Samba uses is kept in LDAP entry and the one 
> written in smbldap-conf file should mirror it. And since it is kept in 
> LDAP upgrade of Samba 3.x should not cause its change. I don't 
> remember big changes in smbldap-conf between 3.0.4 and 3.0.7 Sambas 
> but I would recommend to look at the 'diff' between backuped and newly 
> installed versions to verify that.
>> Is there any thing I left out?  Will the SID be changed?  The reason 
>> I ask was because I already got a domain member server under domain A 
>> (samba 3.04) and I do not want to lose the SID cos I have like 260 
>> users's home directory in that domain member server (windows 2003 
>> server).
>> Thanks in advance.
>> Regards,
>> adrian
>> Igor Belyi wrote:
>>> Sorry... Got busy with something else. I'll try to do the test with 
>>> different users tomorrow. There could be a problem with my previous 
>>> test since the user present in both Domains also has the same 
>>> password and this may allow credentials from one domain to somehow 
>>> be used in another.
>>> If you would collect trace for both 'login' and 'net user x: /home' 
>>> times - it will be great. Make sure that trace is with 'log level = 
>>> 5' and if you have more than one machine that you collect trace for 
>>> the Client XP machine (probably, by including %m in the 'log file').
>>> I apologize for the delay.
>>> Igor
>>> Adrian Chow wrote:
>>>> Hi Igor,
>>>> Wondering have you tried to one the scenario when a domain B user 
>>>> logins on domain A machine where the domain B username is not found 
>>>> in domain A machine?  Can you still map the drives?
>>>> Also you were asking for the smbd files.... how should I get them? 
>>>> During when I login or during when I typed the commmand "net use x: 
>>>> /home" on the dos prompt?
>>>> Thanks.  Just concerned as I have not heard from you.
>>>> adrian

More information about the samba mailing list