[Samba] Samba and trusted domains

Michael Gasch gasch at eva.mpg.de
Sun Jul 2 18:46:12 GMT 2006 

you should do something like

idmap backend = "MYDOMAIN=10000-19999,TRUSTEDDOMAINNAME=20000-100000000"

as i already wrote in a posting before. this won't work with idmap_rid, 
but with all other backend.
i think you can stay with "winbind trusted domains only".

you should also run winbindd in interactive mode and debug level 3.
then you should see something like "init idmap backend for DOMAIN 
MYDOMAIN, init idmap backend for DOMAIN TRUSTEDDOMAINNAME"

greez


Nir Barkan wrote:
> Id test1 not working
> 
> Wbinfo -u return DomainName username (EUROPE test1)
> 
> The user is from trusted domain 
> 
> I defined idmap uid = 10000-2000 and  idmap gid = 10000-20000 on my
> smb.conf, Do I need to define something more?
> 
> Thanks,
> 
> Nir
> 
> -----Original Message-----
> From: Michael Gasch [mailto:gasch at eva.mpg.de] 
> Sent: Friday, June 30, 2006 4:12 PM
> To: Nir Barkan
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Samba and trusted domains
> 
>  > Id test1 not working
> but wbinfo -u shows it?
> if so you have a problem with with mapping samba accounts to unix accounts.
> 
> is it a user from a trusted domain (to get back to the thread title)?
> 
>  > My dc is windows 2003 DC, do I need to install something on it?
> no
> 
> greez
> 
> Nir Barkan wrote:
> 
>>Id test1 not working
>>
>>I tried without "winbind trusted domains only = Yes" and got the same
>>results.
>>
>>My dc is windows 2003 DC, do I need to install something on it?
>>
>>P.S
>>
>>Thanks much for your help :-)
>>
>>-----Original Message-----
>>From: Michael Gasch [mailto:gasch at eva.mpg.de] 
>>Sent: Thursday, June 29, 2006 1:19 PM
>>To: Nir Barkan
>>Cc: samba at lists.samba.org
>>Subject: Re: [Samba] Samba and trusted domains
>>
>>
>>>"Id <username_from_local_domain_without_prefix_domainname" give me the
>>
>>user
>>
>>>uid and gid.
>>
>>good
>>
>>some further questions:
>>- does "id test1" work?
>>- why did you set "winbind trusted domains only = Yes"
>>
>>for trusted domains to work, you have to use winbind on your DC.
>>furthermore on each member server you have to specify an idmap range for 
>>each domain, like
>>
>>idmap backend = "MYDOMAIN=10000-19999,TRUSTEDDOMAIN=20000-100000000"
>>
>>greez
>>
>>
>>
> 
>

More information about the samba mailing list