[Samba] Problems with Trusted Domains

Andi gmane at faerun.fsnet.co.uk
Mon Feb 7 02:16:53 GMT 2005

The company I work for is split across two sites; each site has its own 
domain. The local end is a Samba server (DomA) with about 50 users, the 
remote end is NT4(DomB) with about 150 active users (400+ usernames in 
userlist). The two sites are connected over a VPN (Internally 
DomA=, DomB= and the two domains trust each other.

Users from either site regularly visit, and work from, the other site.

When a DomA user logs in from either site, he gets the login script and 
profile from DomA.

However, when a user from DomB logs in from the DomA site, he does not 
get a login script or a profile from DomB (or DomA). From the DomB site, 
everything works as expected.

The Samba server was initially set up using 3.0.4 but the problem is 
still present with 3.0.11.

I believe that the trusts are working properly - 'wbinfo -t' returns OK, 
and all authentication appears to be working.

'getent passwd/group' show all users/groups on both domains.

However, I am also having problems with setfacl/getfacl when using Samba 
3.0.6 or greater. With 3.0.5, there are no problems, but as soon as 
winbindd 3.0.6 is installed, some of the usernames from DomB are not 

With 3.0.5, 'setfacl -m u:DomB+someuser:r-x somefile' succeeds, and
'getfacl somefile' includes 'user:DomB+someuser:r-x' in the ACL.

With 3.0.6, the same setfacl command returns an error and getfacl 
returns 'user:10424:r-x' and 'user:DomB+anotheruser:r-x' (where idmap 
uids are 10000-20000).

Is there a reason why the scripts/profiles are not being read back?
Why would some DomB users not work with setfacl/getfacl when winbindd is 
updated to 3.0.6 or above?

Has anyone else had the same problems?

Samba server setup is as follows:
OS: SuSE 9.0 (no updates)
Samba: Updated/Compiled from sources, set as WINS server
Using LDAP and IdealX 0.8.4 (? I think) scripts.
Clients are Win2K and XP boxes (with varying SP levels).

I'll generate some logs when I get into work and post them later.
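
Added example, not part of the original post: a shell check that scans getfacl output for ACL entries printed as a bare numeric id inside the winbind idmap range (10000-20000 in the post), which is how the 'user:10424:r-x' symptom shows up when an id is not mapped back to a DomB+user name. The function name `unresolved_acl_ids` and the sample ACL are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Flags ACL entries that
# getfacl printed as a bare numeric id inside the winbind idmap range,
# i.e. ids that were not mapped back to a DOMAIN+user name.

# Constructed sample, modelled on the getfacl output quoted in the post.
SAMPLE_GETFACL='# file: somefile
# owner: root
# group: root
user::rw-
user:10424:r-x
user:DomB+anotheruser:r-x
user:500:r--
group::r--
group:10077:r-x
mask::r-x
other::r--'

# unresolved_acl_ids LOW HIGH   (hypothetical helper; reads getfacl text on stdin)
# Prints "<kind> <id> <perms>" for every named user/group entry whose
# qualifier is purely numeric and lies within LOW..HIGH.
unresolved_acl_ids() {
    awk -F: -v lo="$1" -v hi="$2" '
        /^#/ { next }                      # skip the file/owner/group header
        { sub(/^default:/, "") }           # treat default ACL entries alike
        ($1 == "user" || $1 == "group") && $2 ~ /^[0-9]+$/ {
            id = $2 + 0
            if (id >= lo && id <= hi) {
                sub(/[ \t]*#.*$/, "", $3)  # drop a trailing "#effective" note
                print $1, id, $3
            }
        }'
}

# Run against the constructed sample; on a live system pipe in
# `getfacl -R /some/share` instead.
printf '%s\n' "$SAMPLE_GETFACL" | unresolved_acl_ids 10000 20000
```

Each id it reports can then be looked up with 'getent passwd <id>' or 'wbinfo' to see whether winbindd still knows the mapping.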

