[Samba] Re: Trusting and Trusted Domain Samba LDAP (mapping Home Directories) Problem

Adrian Chow achow at uwcsea.edu.sg
Thu Oct 28 05:51:39 GMT 2004


Hi Igor,

I think it is default in the smb.conf script that if you log in as a user 
that is not found in the PDC, and that the user is found in the remote 
domain that is trusted, the "add user script = " will be activated. You 
can prevent users from being created if you do not specify "add user 
script" in the smb.conf.

adrian


Igor Belyi wrote:
> I've tried to log in with a user testB which exists in DomainB but not in 
> DomainA (Client XP is a DomainA member) and noticed that there's an 
> attempt in DomainA to create a local user testB. I'm trying to 
> investigate if there is any problem with my winbind setup in DomainA...
> 
> I'll keep you posted.
> Igor
> 
> Igor Belyi wrote:
> 
>> Adrian Chow wrote:
>>
>>> Hi Igor,
>>>
>>> Thanks for your prompt reply.
>>>
>>> Just curious whether you have read my previous email regarding the 
>>> different setup for my side.  I have :-
>>> Domain A controller :- openldap 2.1.23 (slave), samba 3.04 (PDC)
>>> Domain B controller :- openldap 2.1.30-3 (slave), samba 3.07 (PDC)
>>> Main LDAP server : - openldap 2.0.27-3.bunk (master).
>>
>>
>>
>> So you have the same LDAP directory for both PDCs? Can you show 
>> smb.conf for both PDCs? How did you configure your LDAP slaves - do 
>> they have write access to the entries PDC uses?
>>
>>> Question 1:- Wonder if there will be a problem with the openldap 
>>> setup?  Should I upgrade all the LDAP to have same version?
>>
>>
>>
>> Since we don't know yet what kind of problem you face it's difficult 
>> to say if LDAP version matters. My guess is it does not and that the 
>> newer version you have the better.
>>
>>> Question 2:- If I were to upgrade Domain A to samba 3.07 (as I 
>>> thought there could be a potential problem with the trusting/trusted 
>>> domains), any clue of how can I upgrade to samba 3.07 without losing 
>>> the SID or any problems?    I was thinking of doing the following:-
>>> 1.  Backup the smb.conf file
>>
>>
>>
>> I don't think smb.conf gets changed during upgrade, but backups never 
>> hurt.
>>
>>> 2.  smbldap-conf file (containing the SID number).
>>
>>
>>
>> It will make sense if you plan to update smbldap tools as well. Note, 
>> that Domain SID which Samba uses is kept in LDAP entry and the one 
>> written in smbldap-conf file should mirror it. And since it is kept in 
>> LDAP upgrade of Samba 3.x should not cause its change. I don't 
>> remember big changes in smbldap-conf between 3.0.4 and 3.0.7 Sambas 
>> but I would recommend to look at the 'diff' between backed-up and newly 
>> installed versions to verify that.
>>
>>> Is there any thing I left out?  Will the SID be changed?  The reason 
>>> I ask was because I already got a domain member server under domain A 
>>> (samba 3.04) and I do not want to lose the SID cos I have like 260 
>>> users' home directories in that domain member server (windows 2003 
>>> server).
>>>
>>> Thanks in advance.
>>>
>>> Regards,
>>>
>>> adrian
>>>
>>> Igor Belyi wrote:
>>>
>>>> Sorry... Got busy with something else. I'll try to do the test with 
>>>> different users tomorrow. There could be a problem with my previous 
>>>> test since the user present in both Domains also has the same 
>>>> password and this may allow credentials from one domain to somehow 
>>>> be used in another.
>>>>
>>>> If you would collect trace for both 'login' and 'net user x: /home' 
>>>> times - it will be great. Make sure that trace is with 'log level = 
>>>> 5' and if you have more than one machine that you collect trace for 
>>>> the Client XP machine (probably, by including %m in the 'log file').
>>>>
>>>> I apologize for the delay.
>>>> Igor
>>>>
>>>> Adrian Chow wrote:
>>>>
>>>>> Hi Igor,
>>>>>
>>>>> Wondering whether you have tried the scenario when a domain B user 
>>>>> logs in on a domain A machine where the domain B username is not found 
>>>>> in the domain A machine?  Can you still map the drives?
>>>>>
>>>>> Also you were asking for the smbd files.... how should I get them? 
>>>>> During when I login or during when I typed the command "net use x: 
>>>>> /home" on the dos prompt?
>>>>>
>>>>> Thanks.  Just concerned as I have not heard from you.
>>>>>
>>>>> adrian
>>>>
>>>>
> 
> 
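
An added example, not part of the original messages: a small Python check that reads smb.conf text and reports the [global] settings this thread discusses, namely whether "add user script" is set (the hook the reply above says creates the local account) and whether tracing is at "log level = 5" with %m in "log file". The sample configuration, the smbldap-useradd path and the function names are constructed for illustration.

```python
import re

# Constructed sample [global] section for illustration; not from the thread.
SAMPLE_SMB_CONF = r"""
[global]
   workgroup = DOMAINA
   ; provisioning hook, continued over two lines
   Add User Script = /usr/sbin/smbldap-useradd \
       -m "%u"
   log level = 5
   log file = /var/log/samba/%m.log
"""

def _norm(name):
    # smb.conf parameter names ignore case and whitespace.
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {normalised parameter: value}}."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1].rstrip() + " "
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            current[_norm(name)] = value.strip()
    return sections

def audit_global(text):
    """Report the [global] settings discussed in this thread."""
    g = parse_smb_conf(text).get("global", {})
    level = re.match(r"\d+", g.get("loglevel", ""))
    return {
        "add_user_script": g.get("adduserscript") or None,
        "trace_level_5": bool(level) and int(level.group()) >= 5,
        "per_client_log": "%m" in g.get("logfile", ""),
    }

if __name__ == "__main__":
    for key, value in audit_global(SAMPLE_SMB_CONF).items():
        print(f"{key}: {value}")
```

A result of None for add_user_script means the hook is unset or commented out in [global].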

