[Samba] Samba and trusted domains

Michael Gasch gasch at eva.mpg.de
Mon Jul 3 08:21:48 GMT 2006


:)

 > idmap backend = ITGIL=10000-19999,EU15=20000-30000
this is not correct semantic ;)

example:
idmap backend = rid:"BUILTIN=1000-1999,DOMNAME=2000-100000000"

this should work

greez


Nir Barkan wrote:
> I added the idmap backend to my smb.conf as you suggested
> 
> 
> idmap backend = ITGIL=10000-19999,EU15=20000-30000
> 
> I get the following (on the winbind debug):
> 
> idmap_init: using 'ITGIL=10000-19999' as remote backend
> Error loading module '/opt/local/lib/idmap/ITGIL=10000-19999.so': ld.so.1:
> ./winbindd: fatal: /opt/local/lib/idmap/ITGIL=10000-19999.so: open failed:
> No such file or directory
> idmap_init: could not load remote backend 'ITGIL=10000-19999'
> Could not init idmap -- netlogon proxy only
> 
> The idmap directory exists; do I need to run something manually?
> 
> P.S
> 
> ITGIL = my domain
> EU15 = my trusted domain
> 
> Thanks,
> 
> Nir
> 
> 
> -----Original Message-----
> From: Michael Gasch [mailto:gasch at eva.mpg.de] 
> Sent: Sunday, July 02, 2006 9:46 PM
> To: Nir Barkan
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Samba and trusted domains
> 
> you should do something like
> 
> idmap backend = "MYDOMAIN=10000-19999,TRUSTEDDOMAINNAME=20000-100000000"
> 
> as i already wrote in a posting before. this won't work with idmap_rid, 
> but with all other backend.
> i think you can stay with "winbind trusted domains only".
> 
> you should also run winbindd in interactive mode and debug level 3.
> then you should see something like "init idmap backend for DOMAIN 
> MYDOMAIN, init idmap backend for DOMAIN TRUSTEDDOMAINNAME"
> 
> greez
> 
> 
> Nir Barkan wrote:
>> Id test1 not working
>>
>> Wbinfo -u return DomainName username (EUROPE test1)
>>
>> The user is from trusted domain 
>>
>> I defined idmap uid = 10000-2000 and  idmap gid = 10000-20000 on my
>> smb.conf, Do I need to define something more?
>>
>> Thanks,
>>
>> Nir
>>
>> -----Original Message-----
>> From: Michael Gasch [mailto:gasch at eva.mpg.de] 
>> Sent: Friday, June 30, 2006 4:12 PM
>> To: Nir Barkan
>> Cc: samba at lists.samba.org
>> Subject: Re: [Samba] Samba and trusted domains
>>
>>  > Id test1 not working
>> but wbinfo -u shows it?
>> if so you have a problem with with mapping samba accounts to unix
> accounts.
>> is it a user from a trusted domain (to get back to the thread title)?
>>
>>  > My dc is windows 2003 DC, do I need to install something on it?
>> no
>>
>> greez
>>
>> Nir Barkan wrote:
>>
>>> Id test1 not working
>>>
>>> I tried without "winbind trusted domains only = Yes" and got the same
>>> results.
>>>
>>> My dc is windows 2003 DC, do I need to install something on it?
>>>
>>> P.S
>>>
>>> Thanks much for your help :-)
>>>
>>> -----Original Message-----
>>> From: Michael Gasch [mailto:gasch at eva.mpg.de] 
>>> Sent: Thursday, June 29, 2006 1:19 PM
>>> To: Nir Barkan
>>> Cc: samba at lists.samba.org
>>> Subject: Re: [Samba] Samba and trusted domains
>>>
>>>
>>>> "Id <username_from_local_domain_without_prefix_domainname" give me the
>>> user
>>>
>>>> uid and gid.
>>> good
>>>
>>> some further questions:
>>> - does "id test1" work?
>>> - why did you set "winbind trusted domains only = Yes"
>>>
>>> for trusted domains to work, you have to use winbind on your DC.
>>> furthermore on each member server you have to specify an idmap range for 
>>> each domain, like
>>>
>>> idmap backend = "MYDOMAIN=10000-19999,TRUSTEDDOMAIN=20000-100000000"
>>>
>>> greez
>>>
>>>
>>>
>>
> 
> 
> 
> 

-- 
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT Staff)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
        49 (0)341 - 3550 374

Fax:   49 (0)341 - 3550 399



More information about the samba mailing list