[Samba] Samba 3.0.2x with trusted domains.
Vincent.Badier at alcatel.fr
Tue Feb 28 11:52:03 GMT 2006
Hello all,

We have a Samba server on a SLES9 Linux box. It is connected to an Active
Directory with multiple trusted domains.

With this server, we have strange problems with users/groups in other
domains. The users/groups listed in smb.conf that are part of trusted
domains are not taken into account for access to the shares. We also cannot
set ACLs correctly on the filesystem.

This is not an architecture problem, since another Samba box (3.0.2),
connected to the same domain, with the same config file, works perfectly.

So here is a summary of the troubles. Note that after these checks, I've
upgraded to 3.0.21c (SUSE rpm packages) without any amelioration on the
following points:

masters# rpm -qa | grep -i samba
yast2-samba-server-2.9.33-0.3
samba-client-3.0.20b-3.4
samba-3.0.20b-3.4
samba-doc-3.0.20b-3.4
kdebase3-samba-3.2.1-68.46
yast2-samba-client-2.9.17-1.3
samba-winbind-3.0.20b-3.4

Say that the Samba server is linked to Domain1, and there are trusted
domains Domain2, Domain3, etc.

masters# wbinfo -t
checking the trust secret via RPC calls succeeded
masters# wbinfo -m
Domain1
Domain2
Domain3
....
masters# wbinfo -n Domain1+user1
S-1-5-21-1220945662-796845957-725345543-21380 User (1)
masters# wbinfo -s S-1-5-21-1220945662-796845957-725345543-21380
Domain1+user1 1
masters# wbinfo -r Domain1+user1
10000
10000
10001
10002
10003
....
masters# wbinfo -n Domain2+user2
S-1-5-21-2035491313-1038499582-81669161-1396 User (1)
masters# wbinfo -s S-1-5-21-2035491313-1038499582-81669161-1396
Domain2+user2
masters# wbinfo -S S-1-5-21-2035491313-1038499582-81669161-1396
10002
masters# wbinfo -r Domain2+user2
Could not get groups for user Domain2+user2

In addition, in log.winbindd I get the following strange records - no
SID lookup for trusted domains:

[2006/02/28 11:15:02, 2] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain Domain1 S-1-5-21-1220945662-796845957-725345543
[2006/02/28 11:15:02, 2] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain Domain2 S-0-0
[2006/02/28 11:15:02, 2] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain Domain3 S-0-0
[2006/02/28 11:15:02, 2] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain Domain4 S-0-0

Another strange behaviour is that on a working share, with a domain account
which works (primary domain), I can set up ACLs on files with users from
another computer via Windows. The getfacl will show the corresponding Unix
gid. However,

I really don't understand what kind of problem it may come from, so any
suggestions are welcome.

I repeat that a 3.0.2 compiled manually a couple of years ago (Feb
2004) is working correctly on a Debian server.

Best regards.
Vincent Badier
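
Added example, not part of the original post and not Samba code: a check that reads the add_trusted_domain records from log.winbindd, flags trusted domains logged without a usable domain SID, and compares them with the domain SID implied by the `wbinfo -n` output quoted above. The function names are hypothetical; the log records and SIDs are the ones from the post.

```python
import re

# Log records and wbinfo -n results copied from the post above.
LOG = """\
[2006/02/28 11:15:02, 2] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain Domain1 S-1-5-21-1220945662-796845957-725345543
[2006/02/28 11:15:02, 2] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain Domain2 S-0-0
[2006/02/28 11:15:02, 2] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain Domain3 S-0-0
[2006/02/28 11:15:02, 2] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain Domain4 S-0-0
"""
ACCOUNT_SIDS = {  # domain -> SID of one account in it, as printed by wbinfo -n
    "Domain1": "S-1-5-21-1220945662-796845957-725345543-21380",
    "Domain2": "S-1-5-21-2035491313-1038499582-81669161-1396",
}

HEADER = re.compile(r"^\[[^\]]+\]\s+\S*add_trusted_domain\(\d+\)\s*$")
ADDED = re.compile(r"^\s*Added domain (\S+) (S-[\d-]+)\s*$")
DOMAIN_SID = re.compile(r"^S-1-5-21-\d+-\d+-\d+$")


def parse_added_domains(log_text):
    """Map domain name -> SID logged by add_trusted_domain (header + message line)."""
    lines = log_text.splitlines()
    found = {}
    for header, message in zip(lines, lines[1:]):
        m = ADDED.match(message) if HEADER.match(header) else None
        if m:
            found[m.group(1)] = m.group(2)
    return found


def domain_sid_of(account_sid):
    """An account SID is its domain SID plus a trailing RID; drop the RID."""
    return account_sid.rsplit("-", 1)[0]


def audit(log_text, account_sids):
    """Return (domain, logged SID, SID expected from wbinfo or None) for each mismatch."""
    findings = []
    for domain, logged in parse_added_domains(log_text).items():
        expected = domain_sid_of(account_sids[domain]) if domain in account_sids else None
        if not DOMAIN_SID.match(logged) or (expected and expected != logged):
            findings.append((domain, logged, expected))
    return findings


if __name__ == "__main__":
    for domain, logged, expected in audit(LOG, ACCOUNT_SIDS):
        print(f"{domain}: winbindd logged {logged}, wbinfo implies {expected or 'unknown'}")
```

On the data from the post, Domain1 passes while Domain2, Domain3 and Domain4 are reported, and for Domain2 the expected domain SID can be read from the `wbinfo -n Domain2+user2` result.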