[Samba] domain member WIN2003 AD - Trusted Domain

hans paul hans.paul1 at gmx.net
Mon Feb 11 17:49:21 GMT 2008


> IMHO, for this to work you should define "idmap domains = DOMAINA
> DOMAINB" and configure the idmap backend appropriately for both domains
> using idmap config DOMAIN:backend/range/default etc...
>
> For more details see "man idmap_tdb, man idmap_ldap and man idmap_rid".
>
> --Sadique

Hi Sadique,

Thanks for your response. I tested it but I don't get it right...
I can only connect from DOMAINA, not from DOMAINB. The DOMAINB is trusting from DOMAINA.

My adapted config:
--------------------------
[global]
# domain settings
workgroup = DOMAINA
realm = DOMAINA.DOM.NET
security = ads
client use spnego = Yes
password server = passwordserver.DOMAINA.DOM.NET
server string = %h server
dns proxy = no
encrypt passwords = true
invalid users = root
socket options = TCP_NODELAY

# idmap - POSIX ID range for the mapping
idmap uid = 100000-150000
idmap gid = 100000-150000

idmap domains = DOMAINA DOMAINB
idmap config DOMAINA:default = yes
idmap config DOMAINA:backend = tdb
idmap config DOMAINA:range = 100000-150000

idmap config DOMAINB:default = no
idmap config DOMAINB:backend = tdb
idmap config DOMAINB:range = 100000-150000

idmap alloc backend = tdb
idmap alloc config:range = 100000-150000

# winbind settings
winbind separator = /
winbind use default domain = Yes
# time interval for caching information
winbind cache time = 30
# allow enumeration of users (e.g. getent passwd)
winbind enum users = No
# allow enumeration of groups (e.g. getent group)
winbind enum groups = No
# support groups nested in groups
winbind nested groups = Yes
# renew Kerberos tickets automatically
winbind refresh tickets = Yes
# no offline operation
winbind offline logon = No

allow trusted domains = yes

#printing
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes

log level = 10

# shares
include = /etc/samba/shares.conf
--------------------------

Paul
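
Added example (not part of the original post and not Samba code): a small Python check that reads the `idmap config DOMAIN:option` lines of an smb.conf and reports domains whose POSIX ID ranges intersect. Shared ranges matter with backends that compute IDs from the RID, such as the idmap_rid backend named in the quoted reply, because two SIDs from different domains can then map to one uid. The function names and the embedded sample are assumptions made for this example.

```python
import re

# Constructed sample: idmap lines taken from the configuration posted above.
SAMPLE_CONF = """\
idmap config DOMAINA:backend = tdb
idmap config DOMAINA:range = 100000-150000
idmap config DOMAINB:backend = tdb
idmap config DOMAINB:range = 100000-150000
idmap alloc config:range = 100000-150000
"""

# Matches "idmap config DOMAIN:option = value"; "idmap alloc ..." lines are skipped.
IDMAP_LINE = re.compile(
    r"^\s*idmap\s+config\s+([^:\s]+)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {option: value}} for every per-domain idmap setting."""
    domains = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue
        m = IDMAP_LINE.match(line)
        if m:
            dom, opt, val = m.group(1).upper(), m.group(2).lower(), m.group(3)
            domains.setdefault(dom, {})[opt] = val
    return domains

def parse_range(value):
    """Turn "low-high" into (low, high); reject malformed or inverted ranges."""
    m = re.fullmatch(r"\s*(\d+)\s*-\s*(\d+)\s*", value)
    if not m or int(m.group(1)) > int(m.group(2)):
        raise ValueError(f"bad idmap range: {value!r}")
    return int(m.group(1)), int(m.group(2))

def overlapping_ranges(domains):
    """Return (domA, domB, low, high) for each pair of domains sharing IDs."""
    ranged = sorted((d, parse_range(o["range"]))
                    for d, o in domains.items() if "range" in o)
    hits = []
    for i, (a, (alo, ahi)) in enumerate(ranged):
        for b, (blo, bhi) in ranged[i + 1:]:
            lo, hi = max(alo, blo), min(ahi, bhi)
            if lo <= hi:
                hits.append((a, b, lo, hi))
    return hits

if __name__ == "__main__":
    for a, b, lo, hi in overlapping_ranges(parse_idmap(SAMPLE_CONF)):
        print(f"{a} and {b} share POSIX IDs {lo}-{hi}")
```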