[Samba] Samba 3.4.2 Trusted Domain Logon gives: "Conflicting domain portions are not supported for NETLOGON calls"

Patrick Rynhart prynhart at gmail.com
Sun Nov 1 20:39:45 MST 2009


Hi,

I'm specifically having a problem with idmap entries not being created in
my LDAP backend for trusted domain logons - local accounts appear to be
fine.

I have installed the Sernet enterprise packages from:

http://ftp.sernet.de/pub/samba/experimental/rhel/5/i386/

I'm preparing the server as follows:

1. smbpasswd -w '<password>'
2. net rpc trustdom establish SANDBOX  (where SANDBOX is my trusted domain)
3. net idmap secret SANDBOX '...'
4. net idmap secret alloc '...'
5. Start winbind only (winbindd -D)
6. net sam provision
7. Start nmbd and smbd as daemons

Local accounts are fine and the trust appears healthy too:

# wbinfo -t
checking the trust secret via RPC calls succeeded

My smb.conf file is as follows:

[global]
workgroup = SEAT
server string = %h server (Samba %v)
wins support = no
wins server = 192.168.93.1
name resolve order = wins host bcast lmhosts
syslog = 0
debug hires timestamp = yes
log level = 100 tdb:100 idmap:100
log file = /var/log/samba/%m.log
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = ldapsam:ldap://127.0.0.1
ldapsam:trusted=yes
ldapsam:editposix=yes
ldap ssl = no
ldap admin dn = cn=admin,dc=seat,dc=massey,dc=ac,dc=nz
ldap delete dn = yes
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap suffix = dc=seat,dc=massey,dc=ac,dc=nz

winbind enum users = yes
winbind enum groups = yes
winbind uid = 10000-19999
winbind gid = 10000-19999

ldap ssl = no
idmap backend = ldap:ldap://127.0.0.1
ldap idmap suffix = ou=idmap

ldap password sync = yes

idmap alloc backend = ldap
idmap alloc config : ldap_url = ldap://127.0.0.1/
idmap alloc config : ldap_base_dn = ou=idmap,dc=seat,dc=massey,dc=ac,dc=nz
idmap alloc config : ldap_user_dn = cn=admin,dc=seat,dc=massey,dc=ac,dc=nz
idmap config SANDBOX : backend = ldap
idmap config SANDBOX : range = 10000-19999
idmap config SANDBOX : ldap_url = ldap://127.0.0.1/
idmap config SANDBOX : ldap_base_dn = ou=idmap,dc=seat,dc=massey,dc=ac,dc=nz
idmap config SANDBOX : ldap_user_dn = cn=admin,dc=seat,dc=massey,dc=ac,dc=nz
idmap config SANDBOX : ldap_alloc_url = ldap://127.0.0.1/
idmap config SANDBOX : ldap_alloc_base_dn = ou=idmap,dc=seat,dc=massey,dc=ac,dc=nz

smb ports = 139
domain master = yes
domain logons = yes
deadtime = 60
load printers = yes
printing = cups
printcap name = cups

Any hints would be *greatly* appreciated

Regards,

Patrick


