[Samba] Samba 3.0.28a onwards "allow trusted domains" has no effect?
Hari Sekhon
hpsekhon at googlemail.com
Tue Sep 9 14:52:33 GMT 2008
Hi,
I've noticed a discrepancy between Samba Version 3.0.28a and Version
3.0.24 in relation to Winbind rid idmap and trusted domains behaviour.
I have an environment with 2 domains linked via a trust, an Active
Directory domain and an NT4 domain. On 3.0.24 the rid backend seems to
work fine, but on 3.0.28a it shows OTHERDOMAIN\domain admins instead of
the primary domain's domain admins in uid/name mapping on files.
Below is a relevant snippet of the identical samba configuration on both
machines:
allow trusted domains = no
idmap backend = rid
idmap config PRIMARYDOMAIN:range = 10000-19999
idmap config OTHERDOMAIN:range = 20000-29999
idmap gid = 10000-30000
idmap uid = 10000-30000
Testparm confirms that allow trusted domains is set to No, so it seems
that 3.0.28a does not respect the fact that trusted domains are not
supposed to be allowed at all? This seems to break the way the rid
backend works of course as there is a rid clash with the other domain.
This output from wbinfo --group-info shows the name clash:
domain admins:x:10512
OTHERDOMAIN\domain admins:x:10512
Can anyone offer any advice on what to do about this?
I am running 3.0.24 on Debian Etch and 3.0.28a on Gentoo, for which
those are the latest stable versions packaged for the systems. I have
tried 3.0.32 and the problem seems to occur there too. Is this a bug
that has crept in after 3.0.24?
-h
--
Hari Sekhon
More information about the samba
mailing list