[Samba] Samba 3.4.2 Trusted Domain Logon gives: "Conflicting domain portions are not supported for NETLOGON calls"
Patrick Rynhart
prynhart at gmail.com
Sun Nov 1 20:39:45 MST 2009
Hi,
I'm specifically having a problem with idmap entries not being created in
my LDAP backend for trusted domain logons - Local accounts appear to be
fine.
I have installed the Sernet enterprise packages from:
http://ftp.sernet.de/pub/samba/experimental/rhel/5/i386/
I'm preparing the server as follows:
1. smbpasswd -w '<password>'
2. net rpc trustdom establish SANDBOX (where SANDBOX is my trusted domain)
3. net idmap secret SANDBOX '...'
4. net idmap secret alloc '...'
5. Start winbind only (winbindd -D)
6. net sam provision
7. Start nmbd and smbd as daemons
Local accounts are fine and the trust appears healthy too:
# wbinfo -t
checking the trust secret via RPC calls succeeded
My smb.conf file is as follows:
[global]
workgroup = SEAT
server string = %h server (Samba %v)
wins support = no
wins server = 192.168.93.1
name resolve order = wins host bcast lmhosts
syslog = 0
debug hires timestamp = yes
log level = 100 tdb:100 idmap:100
log file = /var/log/samba/%m.log
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = ldapsam:ldap://127.0.0.1
ldapsam:trusted=yes
ldapsam:editposix=yes
ldap ssl = no
ldap admin dn = cn=admin,dc=seat,dc=massey,dc=ac,dc=nz
ldap delete dn = yes
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap suffix = dc=seat,dc=massey,dc=ac,dc=nz
winbind enum users = yes
winbind enum groups = yes
winbind uid = 10000-19999
winbind gid = 10000-19999
ldap ssl = no
idmap backend = ldap:ldap://127.0.0.1
ldap idmap suffix = ou=idmap
ldap password sync = yes
idmap alloc backend = ldap
idmap alloc config : ldap_url = ldap://127.0.0.1/
idmap alloc config : ldap_base_dn = ou=idmap,dc=seat,dc=massey,dc=ac,dc=nz
idmap alloc config : ldap_user_dn = cn=admin,dc=seat,dc=massey,dc=ac,dc=nz
idmap config SANDBOX : backend = ldap
idmap config SANDBOX : range = 10000-19999
idmap config SANDBOX : ldap_url = ldap://127.0.0.1/
idmap config SANDBOX : ldap_base_dn = ou=idmap,dc=seat,dc=massey,dc=ac,dc=nz
idmap config SANDBOX : ldap_user_dn = cn=admin,dc=seat,dc=massey,dc=ac,dc=nz
idmap config SANDBOX : ldap_alloc_url = ldap://127.0.0.1/
idmap config SANDBOX : ldap_alloc_base_dn = ou=idmap,dc=seat,dc=massey,dc=ac,dc=nz
smb ports = 139
domain master = yes
domain logons = yes
deadtime = 60
load printers = yes
printing = cups
printcap name = cups
Any hints would be *greatly* appreciated
Regards,
Patrick