[Samba] Samba 3.4.2 Trusted Domain Logon gives: "Conflicting domain portions are not supported for NETLOGON calls"
Patrick Rynhart
prynhart at gmail.com
Sun Nov 1 21:13:52 MST 2009
I was thinking that I could be missing some key libraries, perhaps I
still am ? I have tried the following:
install -m 0644 /root/samba-3.4.2/source3/bin/libtalloc.so.1 /lib
install -m 0644 /root/samba-3.4.2/source3/bin/libtdb.so.1 /lib
install -m 0644 /root/samba-3.4.2/source3/bin/libwbclient.so.0 /lib
install -m 0644 /root/samba-3.4.2/nsswitch/libnss_winbind.so /lib
install -m 0644 /root/samba-3.4.2/nsswitch/libnss_wins.so /lib
install -m 0644 /root/samba-3.4.2/nsswitch/libnss_wins.so
/lib/libnss_winbind.so.2
install -m 0644 /root/samba-3.4.2/nsswitch/libnss_wins.so
/lib/libnss_wins.so.2
Thanks!
Patrick
Patrick Rynhart wrote:
> Hi,
>
> I'm specifically have a problem with idmap entries not being created in
> my LDAP backend for trusted domain logons - Local accounts appear to be
> fine.
>
> I have installed the Sernet enterprise packages from:
>
> http://ftp.sernet.de/pub/samba/experimental/rhel/5/i386/
>
> I'm preparing the server as follows:
>
> 1. smbpasswd -w '<password>'
> 2. net rpc trustdom establish SANDBOX (where SANDBOX is my trusted domain)
> 3. net idmap secret SANDBOX '...'
> 4. net idmap secret alloc '...'
> 5. Start winbind only (winbindd -D)
> 6. net sam provision
> 7. Start nmbd and smbd as daemons
>
> Local accounts are fine and the trust appears healthy too:
>
> # wbinfo -t
> checking the trust secret via RPC calls succeeded
>
> My smb.conf file is as follows:
>
> [global]
> workgroup = SEAT
> server string = %h server (Samba %v)
> wins support = no
> wins server = 192.168.93.1
> name resolve order = wins host bcast lmhosts
> syslog = 0
> debug hires timestamp = yes
> log level = 100 tdb:100 idmap:100
> log file = /var/log/samba/%m.log
> panic action = /usr/share/samba/panic-action %d
> security = user
> encrypt passwords = true
> passdb backend = ldapsam:ldap://127.0.0.1
> ldapsam:trusted=yes
> ldapsam:editposix=yes
> ldap ssl = no
> ldap admin dn = cn=admin,dc=seat,dc=massey,dc=ac,dc=nz
> ldap delete dn = yes
> ldap group suffix = ou=groups
> ldap machine suffix = ou=machines
> ldap user suffix = ou=users
> ldap suffix = dc=seat,dc=massey,dc=ac,dc=nz
>
> winbind enum users = yes
> winbind enum groups = yes
> winbind uid = 10000-19999
> winbind gid = 10000-19999
>
> ldap ssl = no
> idmap backend = ldap:ldap://127.0.0.1
> ldap idmap suffix = ou=idmap
>
> ldap password sync = yes
>
> idmap alloc backend = ldap
> idmap alloc config : ldap_url = ldap://127.0.0.1/
> idmap alloc config : ldap_base_dn = ou=idmap,dc=seat,dc=massey,dc=ac,dc=nz
> idmap alloc config : ldap_user_dn = cn=admin,dc=seat,dc=massey,dc=ac,dc=nz
> idmap config SANDBOX : backend = ldap
> idmap config SANDBOX : range = 10000-19999
> idmap config SANDBOX : ldap_url = ldap://127.0.0.1/
> idmap config SANDBOX : ldap_base_dn = ou=idmap,dc=seat,dc=massey,dc=ac,dc=nz
> idmap config SANDBOX : ldap_user_dn = cn=admin,dc=seat,dc=massey,dc=ac,dc=nz
> idmap config SANDBOX : ldap_alloc_url = ldap://127.0.0.1/
> idmap config SANDBOX : ldap_alloc_base_dn =
> ou=idmap,dc=seat,dc=massey,dc=ac,dc=nz
>
> smb ports = 139
> domain master = yes
> domain logons = yes
> deadtime = 60
> load printers = yes
> printing = cups
> printcap name = cups
>
> Any hints would be *greatly* appreciated
>
> Regards,
>
> Patrick
>
More information about the samba
mailing list