[Samba] Problems with Trusted Domains
Andi
gmane at faerun.fsnet.co.uk
Mon Feb 7 02:16:53 GMT 2005
The company I work for is split across two sites, each site has its own
domain. The local end is a Samba server (DomA) with about 50 users, the
remote end is NT4(DomB) with about 150 active users (400+ usernames in
userlist). The two sites are connected over a VPN (Internally
DomA=172.16.1.0/24, DomB=10.1.0.0/16) and the two domains trust each other.
Users from either site regularly visit, and work from, the other site.
When a DomA user logs in from either site, he gets the login script and
profile from DomA.
However, when a user from DomB logs in from the DomA site, he does not
get a login script or a profile from DomB (or DomA). From the DomB site,
everything works as expected.
The Samba server was initially setup using 3.0.4 but the problem is
still present with 3.0.11.
I believe that the trusts are working properly - 'wbinfo -t' returns OK,
and all authentication appears to be working.
'getent passwd/group' show all users/groups on both domains.
However, I am also having problems with setfacl/getfacl when using Samba
3.0.6 or greater. With 3.0.5, there are no problems, but as soon as
winbindd 3.0.6 is installed, some of the usernames from DomB are not
recognised
e.g.
with 3.0.5, 'setfacl -m u:DomB+someuser:r-x somefile' succeeds, and
'getfacl somefile' includes 'user:DomB+someuser:r-x' in the ACL.
with 3.0.6, the same setfacl command returns an error and getfacl
returns 'user:10424:r-x' and 'user:DomB+anotheruser:r-x' (where idmap
uids are 10000-20000).
Is there a reason why the scripts/profiles are not being read back?
Why would some DomB users not work with setfacl/getfacl when winbindd is
updated to 3.0.6 or above?
Has anyone else had the same problems?
Samba server setup is as follows:
OS: SuSE 9.0 (no updates)
Samba: Updated/Compiled from sources, set as WINS server
Using LDAP and IdealX 0.8.4 (? I think) scripts.
Clients are Win2K and XP boxes (with varying SP levels).
I'll generate some logs when I get into work and post them later.
Thanks.
More information about the samba
mailing list