[Samba] Re: Trusting and Trusted Domain Samba LDAP (mapping Home
Directories)Problem
Igor Belyi
sambauser at katehok.ac93.org
Thu Oct 28 05:13:49 GMT 2004
I've tried to login with a user testB which exists in DomainB but not in
DomainA (Client XP is a DomainA member) and noticed that there's an
attempt in DomainA to create a local user testB. I'm trying to
investigate if there any problem with my winbind setup in DomainA...
I'll keep you posted.
Igor
Igor Belyi wrote:
> Adrian Chow wrote:
>
>> Hi Igor,
>>
>> Thanks for your prompt reply.
>>
>> Just curious whether you have read my previous email regarding the
>> different setup for my side. I have :-
>> Domain A controller :- openldap 2.1.23 (slave), samba 3.04 (PDC)
>> Domain B controller :- openldap 2.1.30-3 (slave), samba 3.07 (PDC)
>> Main LDAP server : - openldap 2.0.27-3.bunk (master).
>
>
> So you have the same LDAP directory for both PDCs? Can you show
> smb.conf for both PDCs? How did you configure your LDAP slaves - do
> they have write access to the entries PDC uses?
>
>> Question 1:- Wonder if there will be a problem with the openldap
>> setup? Should I upgrade all the LDAP to have same version?
>
>
> Since we don't know yet what kind of problem you face it's difficult
> to say if LDAP version matters. My guess is it does not and that the
> newer version you have the better.
>
>> Question 2:- If I were to upgrade Domain A to samba 3.07 (as I
>> thought there could be a potential problem with the trusting/trusted
>> domains), any clue of how can I upgrade to samba 3.07 without losing
>> the SID or any problems? I was thinking of doing the following:-
>> 1. Backup the smb.conf file
>
>
> I don't think smb.conf gets changed during upgrade, but backups never
> hurt.
>
>> 2. smbldap-conf file (containing the SID number).
>
>
> It will make sense if you plan to update smbldap tools as well. Note,
> that Domain SID which Samba uses is kept in LDAP entry and the one
> written in smbldap-conf file should mirror it. And since it is kept in
> LDAP upgrade of Samba 3.x should not cause its change. I don't
> remember big changes in smbldap-conf between 3.0.4 and 3.0.7 Sambas
> but I would recommend to look at the 'diff' between backuped and newly
> installed versions to verify that.
>
>> Is there any thing I left out? Will the SID be changed? The reason
>> I ask was because I already got a domain member server under domain A
>> (samba 3.04) and I do not want to lose the SID cos I have like 260
>> users's home directory in that domain member server (windows 2003
>> server).
>>
>> Thanks in advance.
>>
>> Regards,
>>
>> adrian
>>
>> Igor Belyi wrote:
>>
>>> Sorry... Got busy with something else. I'll try to do the test with
>>> different users tomorrow. There could be a problem with my previous
>>> test since the user present in both Domains also has the same
>>> password and this may allow credentials from one domain to somehow
>>> be used in another.
>>>
>>> If you would collect trace for both 'login' and 'net user x: /home'
>>> times - it will be great. Make sure that trace is with 'log level =
>>> 5' and if you have more than one machine that you collect trace for
>>> the Client XP machine (probably, by including %m in the 'log file').
>>>
>>> I apologize for the delay.
>>> Igor
>>>
>>> Adrian Chow wrote:
>>>
>>>> Hi Igor,
>>>>
>>>> Wondering have you tried to one the scenario when a domain B user
>>>> logins on domain A machine where the domain B username is not found
>>>> in domain A machine? Can you still map the drives?
>>>>
>>>> Also you were asking for the smbd files.... how should I get them?
>>>> During when I login or during when I typed the commmand "net use x:
>>>> /home" on the dos prompt?
>>>>
>>>> Thanks. Just concerned as I have not heard from you.
>>>>
>>>> adrian
>>>
More information about the samba
mailing list