[Samba] Don't see a subdomain as subdomain
Schwiete, Ralf (AllianzGI)
Ralf.Schwiete at allianzgi.de
Fri Oct 16 09:02:50 MDT 2009
Hello,
we have a domain setup with three domains and a forest trust between
the domains. All domain controllers are Windows 2003 Server. The setup of
the forest trusts is identical (as the DC admin says).

        Under-A (where the samba server lives)
         /
    Domain-A
     /    \
    /      \
Domain-B  Domain-C
              \
            Under-C

When I use wbinfo -m --verbose I see the following:

Domain Name  DNS Domain            Trust Type  Transitive  In   Out
BUILTIN                            None        Yes         Yes  Yes
[Server]                           None        Yes         Yes  Yes
Under-A      Under-A.Domain-A.net  None        Yes         Yes  Yes
Domain-A     Domain-A.net          In-Forest   Yes         Yes  Yes
Domain-C     Domain-C.net          None        Yes         Yes  Yes
Domain-B     Domain-B.com          Forest      Yes         Yes  Yes

As you can see, wbinfo says that the trust to "Domain-C" is not a
forest trust, and I also don't see the subdomain "Under-C".
With debug-level 10 I see the following information from my
"Domain-A"-DC ("log.wb-Domain-A"):
(...)
array: struct netr_DomainTrust
    netbios_name     : *
        netbios_name : 'Domain-C'
    dns_name         : *
        dns_name     : 'Domain-C.net'
    trust_flags      : 0x00000022 (34)
        0: NETR_TRUST_FLAG_IN_FOREST
        1: NETR_TRUST_FLAG_OUTBOUND
        0: NETR_TRUST_FLAG_TREEROOT
        0: NETR_TRUST_FLAG_PRIMARY
        0: NETR_TRUST_FLAG_NATIVE
        1: NETR_TRUST_FLAG_INBOUND
    parent_index     : 0x00000000 (0)
    trust_type       : NETR_TRUST_TYPE_UPLEVEL (2)
    trust_attributes : 0x00000048 (72)
        0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE
        0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY
        0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
        1: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
        0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
        0: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST
        1: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
    sid              : *
        sid          : [SID]
    guid             : 00000000-0000-0000-0000-000000000000
array: struct netr_DomainTrust
    netbios_name     : *
        netbios_name : 'Domain-B'
    dns_name         : *
        dns_name     : 'AD.Domain-B.COM'
    trust_flags      : 0x00000022 (34)
        0: NETR_TRUST_FLAG_IN_FOREST
        1: NETR_TRUST_FLAG_OUTBOUND
        0: NETR_TRUST_FLAG_TREEROOT
        0: NETR_TRUST_FLAG_PRIMARY
        0: NETR_TRUST_FLAG_NATIVE
        1: NETR_TRUST_FLAG_INBOUND
    parent_index     : 0x00000000 (0)
    trust_type       : NETR_TRUST_TYPE_UPLEVEL (2)
    trust_attributes : 0x00000008 (8)
        0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE
        0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY
        0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
        1: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
        0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
        0: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST
        0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
    sid              : *
        sid          : [SID]
    guid             : 00000000-0000-0000-0000-000000000000
(...)
What is interesting above is the
"NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL" flag, which is "1" on the first
and "0" on the second trust entry. Could someone tell me what this flag
means?
After a while (few hours or one day) wbinfo says the following:

Domain Name  DNS Domain            Trust Type  Transitive  In   Out
BUILTIN                            None        Yes         Yes  Yes
[Server]                           None        Yes         Yes  Yes
Under-A      Under-A.Domain-A.net  None        Yes         Yes  Yes
Domain-A     Domain-A.net          In-Forest   Yes         Yes  Yes
Domain-C     Domain-C.net          None        Yes         Yes  Yes
Domain-B     Domain-B.com          Forest      Yes         Yes  Yes
Under-C                            None        Yes         No   Yes

The subdomain "Under-C" is visible, but not as a subdomain or forest trust,
and there is also no log entry for this domain like the one above in any
logfile. But there is a logfile "log.wb-Under-C". There is no logfile
like "log.wb-Domain-C".
The Samba is a Samba 3.3.9 under Solaris 9.
Samba-Config:
[global]
workgroup = Under-A
server string = Samba Server ditgwd
netbios name = [Server]
security = ads
realm = Under-A.Domain A.NET
encrypt passwords = yes
map to guest = never
load printers = no
interfaces = [One IP]
bind interfaces only = yes
use spnego = yes
encrypt passwords = yes
invalid users = root Administrator admin oracle bgdft
name resolve order = host
log file = /var/opt/log/samba/log.%m
max log size = 5000
password server = *
passdb backend = tdbsam
socket options = IPTOS_LOWDELAY TCP_NODELAY
server schannel = auto
template shell = /usr/bin/false
client schannel = no
local master = no
os level = 1
domain master = no
preferred master = no
domain logons = no
wins support = no
wins proxy = no
dns proxy = no
allow trusted domains = yes
winbind separator = +
idmap uid = 10000-30000
idmap gid = 10000-30000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = no
winbind cache time = 100
winbind nested groups = yes
template homedir = /home/%D/%U
template shell = /usr/bin/false
log level = 10
#============================ Share Definitions ==============================
(...)
The problem is that the domain "Under-C" appears only after a while and
not as a subdomain.
Thanks for help in advance,
Ralf
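
The following is an added example, not part of the original post and not Samba code: it parses netr_DomainTrust entries in the shape of the level-10 winbindd dump quoted above, decodes the trust_flags and trust_attributes hex masks, and reports which attribute bits differ between two trusts. The bit values are taken from the Netlogon IDL, the function names are hypothetical, and the sample input is constructed.

```python
import re

# Bit values from the Netlogon IDL (netr_TrustFlags / netr_TrustAttributes).
TRUST_FLAGS = {0x01: "IN_FOREST", 0x02: "OUTBOUND", 0x04: "TREEROOT",
               0x08: "PRIMARY", 0x10: "NATIVE", 0x20: "INBOUND"}
TRUST_ATTRS = {0x01: "NON_TRANSITIVE", 0x02: "UPLEVEL_ONLY",
               0x04: "QUARANTINED_DOMAIN", 0x08: "FOREST_TRANSITIVE",
               0x10: "CROSS_ORGANIZATION", 0x20: "WITHIN_FOREST",
               0x40: "TREAT_AS_EXTERNAL"}

def decode(mask, table):
    """Return names of the set bits, plus any bits the table does not know."""
    names = [name for bit, name in sorted(table.items()) if mask & bit]
    unknown = mask & ~sum(table)
    return names + ([f"UNKNOWN_0x{unknown:x}"] if unknown else [])

def parse_trusts(dump):
    """Split a dump into netr_DomainTrust entries and decode each one."""
    trusts = {}
    for entry in dump.split("struct netr_DomainTrust")[1:]:
        name = re.search(r"netbios_name\s*:\s*'([^']*)'", entry)
        flags = re.search(r"trust_flags\s*:\s*(0x[0-9a-fA-F]+)", entry)
        attrs = re.search(r"trust_attributes\s*:\s*(0x[0-9a-fA-F]+)", entry)
        if not (name and flags and attrs):
            continue  # truncated entry: skip rather than guess
        trusts[name.group(1)] = {
            "flags": decode(int(flags.group(1), 16), TRUST_FLAGS),
            "attrs": decode(int(attrs.group(1), 16), TRUST_ATTRS),
        }
    return trusts

def attr_diff(trusts, a, b):
    """Attribute bits set on exactly one of the two named trusts."""
    return sorted(set(trusts[a]["attrs"]) ^ set(trusts[b]["attrs"]))

# Constructed sample in the shape of the dump quoted in the post.
SAMPLE = """
array: struct netr_DomainTrust
    netbios_name : 'Domain-C'
    trust_flags : 0x00000022 (34)
    trust_attributes : 0x00000048 (72)
array: struct netr_DomainTrust
    netbios_name : 'Domain-B'
    trust_flags : 0x00000022 (34)
    trust_attributes : 0x00000008 (8)
"""

print(attr_diff(parse_trusts(SAMPLE), "Domain-C", "Domain-B"))
```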