[Samba] Samba 3.0.28a

Mike Cauble mcauble at lufkin.com
Tue Mar 11 21:00:10 GMT 2008


I have a test environment running Fedora 8 and Samba 3.0.28a on two 
PDCs and one domain member. I have a DOM-A PDC with an LDAP backend, 
running winbind. I have a DOM-B PDC with an LDAP backend, running 
winbind. The two domains have trusts both ways. I also have a domain 
member called TESTSERVER joined to the DOM-A domain, running winbind. I 
was running 3.0.28 on TESTSERVER and I could do "getent passwd" and see 
accounts from both domains. Since installing 3.0.28a on all servers, I 
only see accounts from the DOM-A domain when issuing "getent passwd", 
and the message in log.winbindd is:

[2008/03/11 15:13:01, 5] passdb/secrets.c:get_trust_pw_clear(720)
  get_trust_pw_clear: could not fetch clear text trust account password 
for domain DOM-B

I have an idmap entry in my ldap backend on DOM-A for users in DOM-B.

My smb.conf on TESTSERVER is:

# Global settings for TESTSERVER: a member server of DOM-A (security = DOMAIN)
# that resolves accounts through winbind and keeps its idmap data in LDAP.
[global]

        workgroup = DOM-A
        security = DOMAIN
        # NOTE(review): per smb.conf(5) this option only acts when plaintext
        # passwords are accepted (encrypt passwords = no); confirm it is still
        # wanted on this host.
        update encrypted = Yes
        # A login with an unknown user name is mapped to the guest account
        # instead of being rejected. Neither share below sets "guest ok";
        # verify that holds for any share added later.
        map to guest = Bad User
        username map = /etc/samba/smbusers
        # passdb:5 is the level at which the get_trust_pw_clear message quoted
        # above is written. auth:10 is full debug output and can put sensitive
        # authentication detail in the logs: keep the log directory readable by
        # root only and lower the level once troubleshooting is finished.
        log level = passdb:5 auth:10 winbind:2
        load printers = No
        preferred master = No
        local master = No
        dns proxy = No
        wins server = 100.10.10.31
        # Samba binds to the directory as this DN; the matching password is
        # kept in secrets.tdb, so that file must stay root-only.
        ldap admin dn = cn=admin,dc=lufkin,dc=com
        ldap group suffix = ou=CP_groups
        ldap idmap suffix = ou=Idmap
        ldap machine suffix = ou=CP_comps
        ldap suffix = dc=lufkin,dc=com
        # LDAP traffic governed by this setting is not encrypted, so the admin
        # bind above crosses the network in clear text. Acceptable only on an
        # isolated test network; enable StartTLS or LDAPS elsewhere.
        ldap ssl = no
        ldap user suffix = ou=People
        # Only DOM-A has an idmap config block. Presumably the "default = yes"
        # entry further down makes it the catch-all for DOM-B as well - confirm.
        idmap domains = DOM-A
        idmap alloc backend = ldap
        template shell = /bin/bash
        # NOTE(review): smb.conf(5) warns that "+" as separator can cause group
        # membership problems on glibc systems, where "+" is special to NIS.
        winbind separator = +
        # Enumeration is what lets "getent passwd" / "getent group" list
        # domain accounts.
        winbind enum users = Yes
        winbind enum groups = Yes
        # The idmap backends use plain ldap:// URLs and bind as the directory
        # admin DN. A dedicated account with rights limited to the idmap
        # subtree, reached over TLS, would follow least privilege.
        idmap alloc config:ldap_url = ldap://192.168.70.151/
        idmap alloc config:ldap_base_dn = ou=idmap,dc=lufkin,dc=com
        idmap alloc config:ldap_user_dn = cn=admin,dc=lufkin,dc=com
        idmap alloc config:range = 50000-500000
        idmap config DOM-A:ldap_url = ldap://192.168.70.151
        idmap config DOM-A:range = 50000-500000
        idmap config DOM-A:ldap_user_dn = cn=admin,dc=lufkin,dc=com
        idmap config DOM-A:ldap_base_dn = ou=idmap,dc=lufkin,dc=com
        idmap config DOM-A:backend = ldap
        idmap config DOM-A:default = yes
        # NOTE(review): no "passdb backend" line is shown, so it is unclear
        # whether these ldapsam options have any effect on this member server.
        ldapsam:trusted = yes
        ldapsam:editposix = yes

# Per-user home directory shares: writable, and hidden from browse lists.
[homes]
        comment = Home Directories
        read only = No
        # 0775 = rwxrwxr-x. The masks allow these bits and the "force" settings
        # OR them onto everything created through the share, so every new file
        # and directory ends up group-writable, world-readable and executable.
        # NOTE(review): private home directories normally use a tighter mode;
        # confirm this is intended.
        create mask = 0775
        force create mode = 0775
        directory mask = 0775
        force directory mode = 0775
        browseable = No

# Test share restricted to one named account from each of the two domains.
[testshare]
        path = /home/test-share
        # Names are written DOMAIN+user, using the winbind separator set in
        # [global]. Access for DOM-B+travis depends on winbind being able to
        # resolve DOM-B accounts.
        valid users = DOM-B+travis, DOM-A+mikec
        # No "read only = No" is set, so the share is read-only by default and
        # only the accounts listed here get write access.
        write list = DOM-B+travis, DOM-A+mikec

Any help would be appreciated.

        template shell = /bin/bash
        winbind separator = +


