[Samba] Samba 3.0.28a
Mike Cauble
mcauble at lufkin.com
Tue Mar 11 21:00:10 GMT 2008
I have a test environment running Fedora 8 and Samba 3.0.28a on two
PDCs and one Domain Member. I have a DOM-A PDC with an ldap backend,
running winbind. I have a DOM-B PDC with an ldap backend, running
winbind. The two domains have trusts both ways. I also have a domain
member called TESTSERVER joined to the DOM-A domain, running winbind. I
was running 3.0.28 on TESTSERVER and I could do "getent passwd" and see
accounts from both domains. Since installing 3.0.28a on all servers I
only see accounts from the DOM-A domain when issuing "getent passwd",
and the message in log.winbindd is:

[2008/03/11 15:13:01, 5] passdb/secrets.c:get_trust_pw_clear(720)
  get_trust_pw_clear: could not fetch clear text trust account password for domain DOM-B

I have an idmap entry in my ldap backend on DOM-A for users in DOM-B.
My smb.conf on TESTSERVER is:

[global]
    workgroup = DOM-A
    security = DOMAIN
    update encrypted = Yes
    map to guest = Bad User
    username map = /etc/samba/smbusers
    log level = passdb:5 auth:10 winbind:2
    load printers = No
    preferred master = No
    local master = No
    dns proxy = No
    wins server = 100.10.10.31
    ldap admin dn = cn=admin,dc=lufkin,dc=com
    ldap group suffix = ou=CP_groups
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=CP_comps
    ldap suffix = dc=lufkin,dc=com
    ldap ssl = no
    ldap user suffix = ou=People
    idmap domains = DOM-A
    idmap alloc backend = ldap
    template shell = /bin/bash
    winbind separator = +
    winbind enum users = Yes
    winbind enum groups = Yes
    idmap alloc config:ldap_url = ldap://192.168.70.151/
    idmap alloc config:ldap_base_dn = ou=idmap,dc=lufkin,dc=com
    idmap alloc config:ldap_user_dn = cn=admin,dc=lufkin,dc=com
    idmap alloc config:range = 50000-500000
    idmap config DOM-A:ldap_url = ldap://192.168.70.151
    idmap config DOM-A:range = 50000-500000
    idmap config DOM-A:ldap_user_dn = cn=admin,dc=lufkin,dc=com
    idmap config DOM-A:ldap_base_dn = ou=idmap,dc=lufkin,dc=com
    idmap config DOM-A:backend = ldap
    idmap config DOM-A:default = yes
    ldapsam:trusted = yes
    ldapsam:editposix = yes

[homes]
    comment = Home Directories
    read only = No
    create mask = 0775
    force create mode = 0775
    directory mask = 0775
    force directory mode = 0775
    browseable = No

[testshare]
    path = /home/test-share
    valid users = DOM-B+travis, DOM-A+mikec
    write list = DOM-B+travis, DOM-A+mikec

Any help would be appreciated.