[Samba] Samba 3.0.28a onwards "allow trusted domains" has no
idra at samba.org
Tue Sep 9 16:19:32 GMT 2008
On Tue, 2008-09-09 at 15:52 +0100, Hari Sekhon wrote:
> I've noticed a discrepancy between Samba Version 3.0.28a and Version
> 3.0.24 in relation to Winbind rid idmap and trusted domains behaviour.
> I have an environment with 2 domains linked via a trust, an Active
> Directory domain and an NT4 domain. On 3.0.24 the rid backend seems to
> work fine, but on 3.0.28a it shows OTHERDOMAIN\domain admins instead of
> the primary domain's domain admins in uid/name mapping on files.
> Below is a relevant snippet of the identical samba configuration on both
> allow trusted domains = no
> idmap backend = rid
> idmap config PRIMARYDOMAIN:range = 10000-19999
> idmap config OTHERDOMAIN:range = 20000-29999
> idmap gid = 10000-30000
> idmap uid = 10000-30000
Hari, this is not, as is, a valid configuration for either versions, is
this the full configuration used ?
> Testparm confirms that allow trusted domains is set to No, so it seems
> that 3.0.28a does not respect the fact that trusted domains are not
> supposed to be allowed at all? This seems to break the way the rid
> backend works of course as there is a rid clash with the other domain.
Allow trusted domains = no controls only authentication/access to the
service not id resolution.
> This output from wbinfo --group-info shows the name clash:
> domain admins:x:10512
> OTHERDOMAIN\domain admins:x:10512
> Can anyone offer any advice on what to do about this?
> I am running 3.0.24 on Debian Etch and 3.0.28a on Gentoo, for which
> those are the latest stable versions packaged for the systems. I have
> tried 3.0.32 and the problem seems to occur there too. Is this a bug
> that has crept in after 3.0.24?
If that is the configuration you use, it seem more like a configuration
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <simo at redhat.com>
More information about the samba