[Samba] Re: Trusting and Trusted Domain Samba LDAP (mapping Home Directories) Problem
Adrian Chow
achow at uwcsea.edu.sg
Thu Oct 28 05:51:39 GMT 2004
Hi Igor,
I think it is default in the smb.conf script that if you log in as a user
that is not found in the PDC, and that the user is found in the remote
domain that is trusted, the "add user script = " will be activated. You
can prevent users from being created if you do not specify "add user
script" in the smb.conf.
adrian
Igor Belyi wrote:
> I've tried to login with a user testB which exists in DomainB but not in
> DomainA (Client XP is a DomainA member) and noticed that there's an
> attempt in DomainA to create a local user testB. I'm trying to
> investigate if there is any problem with my winbind setup in DomainA...
>
> I'll keep you posted.
> Igor
>
> Igor Belyi wrote:
>
>> Adrian Chow wrote:
>>
>>> Hi Igor,
>>>
>>> Thanks for your prompt reply.
>>>
>>> Just curious whether you have read my previous email regarding the
>>> different setup for my side. I have :-
>>> Domain A controller :- openldap 2.1.23 (slave), samba 3.04 (PDC)
>>> Domain B controller :- openldap 2.1.30-3 (slave), samba 3.07 (PDC)
>>> Main LDAP server : - openldap 2.0.27-3.bunk (master).
>>
>>
>>
>> So you have the same LDAP directory for both PDCs? Can you show
>> smb.conf for both PDCs? How did you configure your LDAP slaves - do
>> they have write access to the entries PDC uses?
>>
>>> Question 1:- Wonder if there will be a problem with the openldap
>>> setup? Should I upgrade all the LDAP to have same version?
>>
>>
>>
>> Since we don't know yet what kind of problem you face it's difficult
>> to say if LDAP version matters. My guess is it does not and that the
>> newer version you have the better.
>>
>>> Question 2:- If I were to upgrade Domain A to samba 3.07 (as I
>>> thought there could be a potential problem with the trusting/trusted
>>> domains), any clue of how can I upgrade to samba 3.07 without losing
>>> the SID or any problems? I was thinking of doing the following:-
>>> 1. Backup the smb.conf file
>>
>>
>>
>> I don't think smb.conf gets changed during upgrade, but backups never
>> hurt.
>>
>>> 2. smbldap-conf file (containing the SID number).
>>
>>
>>
>> It will make sense if you plan to update smbldap tools as well. Note,
>> that Domain SID which Samba uses is kept in LDAP entry and the one
>> written in smbldap-conf file should mirror it. And since it is kept in
>> LDAP upgrade of Samba 3.x should not cause its change. I don't
>> remember big changes in smbldap-conf between 3.0.4 and 3.0.7 Sambas
>> but I would recommend to look at the 'diff' between backed-up and newly
>> installed versions to verify that.
>>
>>> Is there anything I left out? Will the SID be changed? The reason
>>> I ask was because I already got a domain member server under domain A
>>> (samba 3.04) and I do not want to lose the SID because I have like 260
>>> users' home directory in that domain member server (Windows 2003
>>> server).
>>>
>>> Thanks in advance.
>>>
>>> Regards,
>>>
>>> adrian
>>>
>>> Igor Belyi wrote:
>>>
>>>> Sorry... Got busy with something else. I'll try to do the test with
>>>> different users tomorrow. There could be a problem with my previous
>>>> test since the user present in both Domains also has the same
>>>> password and this may allow credentials from one domain to somehow
>>>> be used in another.
>>>>
>>>> If you would collect trace for both 'login' and 'net user x: /home'
>>>> times - it will be great. Make sure that trace is with 'log level =
>>>> 5' and if you have more than one machine that you collect trace for
>>>> the Client XP machine (probably, by including %m in the 'log file').
>>>>
>>>> I apologize for the delay.
>>>> Igor
>>>>
>>>> Adrian Chow wrote:
>>>>
>>>>> Hi Igor,
>>>>>
>>>>> Wondering have you tried to one the scenario when a domain B user
>>>>> logs in on domain A machine where the domain B username is not found
>>>>> in domain A machine? Can you still map the drives?
>>>>>
>>>>> Also you were asking for the smbd files.... how should I get them?
>>>>> During when I login or during when I typed the command "net use x:
>>>>> /home" on the dos prompt?
>>>>>
>>>>> Thanks. Just concerned as I have not heard from you.
>>>>>
>>>>> adrian
>>>>
>>>>
>
>