[Samba] Help IDMAP_RID and trusted domains
Michael Gasch
gasch at eva.mpg.de
Tue Dec 6 09:20:27 GMT 2005
hi,
it´s me again :(
i´m still not able to use idmap_rid in a trusted domain environment
(samba v3.0.20b Sernet).
well, to be clear: NSS is not working (id, getent passwd <user>, ...) so
samba does not find the posix information for any user from a foreign domain
it´s working in a single domain with
#####################################
# WINBIND - Settings
idmap backend = idmap_rid:DOMA=10000-50000
idmap uid = 10000-50000
idmap gid = 10000-50000
allow trusted domains = no
winbind use default domain = yes
winbind enum users = no
winbind enum groups = no
winbind trusted domains only = no
allow trusted domains = no
winbind cache time = 60
template shell = /bin/bash
template homedir = /data/users/%U
#####################################
but it´s not working with
#####################################
# WINBIND - Settings
idmap backend = idmap_rid:DOMA=10000-20000,DOMB=20001-50000
idmap uid = 10000-50000
idmap gid = 10000-50000
allow trusted domains = yes
winbind use default domain = no
winbind enum users = no
winbind enum groups = no
winbind trusted domains only = no
allow trusted domains = no
winbind cache time = 60
template shell = /bin/bash
template homedir = /data/users/%U
#####################################
wbinfo -u gives me all users from all domains.
id DOMA\user gives me the correct information.
id DOMB\user gives me "No such user" and winbind says:
NT_STATUS_NONE_MAPPED
Could not lookup name for user DOMB\user
wbinfo -n "DOMB\user" does not work, too. but DOMA\user works.
is there a good manual for idmap_rid and trusts?
do i have to create two-way-trusts? we just have a one-way with DOMB.
i always just find idmap_rid in single domains and people telling me "it
works!"
thx in advance!
--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany
Phone: 49 (0)341 - 3550 137
More information about the samba
mailing list