[Samba] Proper behavior of Interdomain Trust uid mappings

Robert Kelly robert.kelly at ebimed.com
Tue Jun 14 20:29:20 GMT 2005

Hi there,
I'm running Samba 3.0.14a-sernet on SUSE 9.1 using ldapsam.
I've got an interdomain trust set up across a VPN connection with a
2k3sp1 domain (DOMB).
The trust works.
What is strange is that a user from DOMB can't access any shares until
they browse a share on our domain controller, say netlogon; then Samba
creates a new POSIX account for them in the ou=users base.
I have nsswitch.conf using ldap, and Samba configured to use winbind as
per the howto. Same WINS etc.
What isn't clear to me is why the user account gets created as a regular
account and not in the ou=idmap base.

Shouldn't just a sambaIdmapEntry object be created in ou=IdMap and not a
posixaccount in ou=users?
The account gets created with a uid from the regular users range not
from the idmap uid range and still gets created when winbind is stopped.

I've read Chapter 18. Interdomain Trust Relationships over and over
again, but need some suggestions on the correct way to set up winbind on
a domain controller when using a trust.

Any clues?

