[Samba] Samba and trusted domains
Michael Gasch
gasch at eva.mpg.de
Mon Jul 3 08:21:48 GMT 2006
:)
> idmap backend = ITGIL=10000-19999,EU15=20000-30000
this is not correct semantic ;)
example:
idmap backend = rid:"BUILTIN=1000-1999,DOMNAME=2000-100000000"
this should work
greez
Nir Barkan wrote:
> I added the idmap backend to my smb.conf as you suggested
>
>
> idmap backend = ITGIL=10000-19999,EU15=20000-30000
>
> I get the following (on the winbind debug):
>
> idmap_init: using 'ITGIL=10000-19999' as remote backend
> Error loading module '/opt/local/lib/idmap/ITGIL=10000-19999.so': ld.so.1:
> ./winbindd: fatal: /opt/local/lib/idmap/ITGIL=10000-19999.so: open failed:
> No such file or directory
> idmap_init: could not load remote backend 'ITGIL=10000-19999'
> Could not init idmap -- netlogon proxy only
>
> The idmap directory exists; do I need to run something manually?
>
> P.S
>
> ITGIL = my domain
> EU15 = my trusted domain
>
> Thanks,
>
> Nir
>
>
> -----Original Message-----
> From: Michael Gasch [mailto:gasch at eva.mpg.de]
> Sent: Sunday, July 02, 2006 9:46 PM
> To: Nir Barkan
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Samba and trusted domains
>
> you should do something like
>
> idmap backend = "MYDOMAIN=10000-19999,TRUSTEDDOMAINNAME=20000-100000000"
>
> as i already wrote in a posting before. this won't work with idmap_rid,
> but with all other backend.
> i think you can stay with "winbind trusted domains only".
>
> you should also run winbindd in interactive mode and debug level 3.
> then you should see something like "init idmap backend for DOMAIN
> MYDOMAIN, init idmap backend for DOMAIN TRUSTEDDOMAINNAME"
>
> greez
>
>
> Nir Barkan wrote:
>> Id test1 not working
>>
>> Wbinfo -u return DomainName username (EUROPE test1)
>>
>> The user is from trusted domain
>>
>> I defined idmap uid = 10000-2000 and idmap gid = 10000-20000 on my
>> smb.conf, Do I need to define something more?
>>
>> Thanks,
>>
>> Nir
>>
>> -----Original Message-----
>> From: Michael Gasch [mailto:gasch at eva.mpg.de]
>> Sent: Friday, June 30, 2006 4:12 PM
>> To: Nir Barkan
>> Cc: samba at lists.samba.org
>> Subject: Re: [Samba] Samba and trusted domains
>>
>> > Id test1 not working
>> but wbinfo -u shows it?
>> if so you have a problem with with mapping samba accounts to unix
> accounts.
>> is it a user from a trusted domain (to get back to the thread title)?
>>
>> > My dc is windows 2003 DC, do I need to install something on it?
>> no
>>
>> greez
>>
>> Nir Barkan wrote:
>>
>>> Id test1 not working
>>>
>>> I tried without "winbind trusted domains only = Yes" and got the same
>>> results.
>>>
>>> My dc is windows 2003 DC, do I need to install something on it?
>>>
>>> P.S
>>>
>>> Thanks much for your help :-)
>>>
>>> -----Original Message-----
>>> From: Michael Gasch [mailto:gasch at eva.mpg.de]
>>> Sent: Thursday, June 29, 2006 1:19 PM
>>> To: Nir Barkan
>>> Cc: samba at lists.samba.org
>>> Subject: Re: [Samba] Samba and trusted domains
>>>
>>>
>>>> "Id <username_from_local_domain_without_prefix_domainname" give me the
>>> user
>>>
>>>> uid and gid.
>>> good
>>>
>>> some further questions:
>>> - does "id test1" work?
>>> - why did you set "winbind trusted domains only = Yes"
>>>
>>> for trusted domains to work, you have to use winbind on your DC.
>>> furthermore on each member server you have to specify an idmap range for
>>> each domain, like
>>>
>>> idmap backend = "MYDOMAIN=10000-19999,TRUSTEDDOMAIN=20000-100000000"
>>>
>>> greez
>>>
>>>
>>>
>>
>
>
>
>
--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT Staff)
Deutscher Platz 6
D-04103 Leipzig
Germany
Phone: 49 (0)341 - 3550 137
49 (0)341 - 3550 374
Fax: 49 (0)341 - 3550 399
More information about the samba
mailing list