[Samba] cant access shares on members of samba domain from windows domain
Gaiseric Vandal
gaiseric.vandal at gmail.com
Mon Dec 5 09:00:37 MST 2011
On 12/02/2011 03:44 AM, damiien wrote:
> Hi,
>
> I have a network with two domains. DOMAIN A has samba 3.0.28 as PDC
> (I know it's old but it can't be updated due to political reasons).
> DOMAIN B is a Windows 2003 domain. Samba PDC (domain A) has few shares
> on it and everyone can access those shares (everyone from domain A and
> domain B). In domain A there are also few windows machines which also
> have shares. I'd like for those shares to be available to everyone.
> Currently, everyone on domain A can access those windows shares (which
> are on domain A). I'd like for those shares to be available to domain
> B users but currently only Domain Administrator from domain B has
> access. I'd appreciate any help on getting this to work.
>
>
> To sum up,
>
> Domain A: 1. Samba as PDC - share "Groups" shared to everyone and
> available to everyone
> 2. Windows 2003 - share "Data" shared to everyone
> but available to everyone in domain A and only to Domain Administrator
> from domain B
>
> Domain B: 1. Windows 2003 Active directory
> 2. Windows XP clients
>
> ---share "Data" needs to be available to everyone

If you edit the Share or NTFS perms of a Domain A Windows machine
directory, are you able to view or select users/groups from domain B?
When you log in to a Domain A Windows machine are you able to select
"Domain B" as a login domain? Are you sure domain trusts really are
set up properly on your PDC? Do "wbinfo -u" and "wbinfo -g" show the
trusted domain users and groups? Does "getent passwd" or "getent passwd
DOMAINB\\someuser" work?

My guess is that domain trusts are not working properly. Trusted
domain users need to map to a local unix id. Domain B Administrator is
probably able to log in to domain A since there is a matching unix name
(i.e. Administrator.) Assuming that samba can match the trusted
domain user's name to a local unix id, it will then validate the user
against the trusted domain PDC. If you have "jsmith" in both
domains, but with different passwords, it would appear to user "jsmith"
that domain trusts were working properly.

I think you will not get this working properly with Samba 3.0.28. I had
a similar setup - I would get it working for a short time but the idmap
cache would expire and not renew.
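
The checks suggested in the reply above compare what winbind enumerates ("wbinfo -u") with what the name service resolves ("getent passwd"). The script below is an illustration added to this archive page, not part of the original message: it works on saved output of those two commands and flags the name-collision case the reply guesses at. The function names, file names and sample data are constructed, and it assumes the default winbind separator "\".

```shell
#!/bin/sh
# Added example: constructed data, hypothetical helper names.
# On a real server the two inputs would be saved with:
#   wbinfo -u > wbinfo_u.txt ; getent passwd > passwd.txt

# classify_trust_users DOMAIN WBINFO_U_FILE PASSWD_FILE
# Prints one line per user of DOMAIN:
#   MAPPED    a passwd entry exists for DOMAIN\user
#   COLLIDES  no such entry, but a local unix account has the same bare name
#   UNMAPPED  neither exists
# Assumes the default winbind separator "\"; names are compared
# case-insensitively.
classify_trust_users() {
    awk -v dom="$1" '
        BEGIN { FS = ":"; dom = tolower(dom) }
        # First file (passwd): remember every account name.
        users != 1 { seen[tolower($1)] = 1; next }
        # Second file (wbinfo -u): keep only DOMAIN\user lines.
        {
            i = index($0, "\\")
            if (i == 0 || tolower(substr($0, 1, i - 1)) != dom) next
            full = tolower($0)
            bare = tolower(substr($0, i + 1))
            if (full in seen)      state = "MAPPED"
            else if (bare in seen) state = "COLLIDES"
            else                   state = "UNMAPPED"
            print state, $0
        }
    ' "$3" users=1 "$2"
}

# Constructed sample output, not taken from the thread.
write_sample() {
    cat > "$1/wbinfo_u.txt" <<'EOF'
bob
DOMAINB\Administrator
DOMAINB\jsmith
DOMAINB\alice
DOMAINB\carol
EOF
    cat > "$1/passwd.txt" <<'EOF'
root:x:0:0:root:/root:/bin/sh
administrator:x:1000:100::/home/administrator:/bin/sh
jsmith:x:1001:100::/home/jsmith:/bin/sh
DOMAINB\alice:*:10001:10000::/home/DOMAINB/alice:/bin/false
EOF
}

tmp=$(mktemp -d) && write_sample "$tmp" &&
    classify_trust_users DOMAINB "$tmp/wbinfo_u.txt" "$tmp/passwd.txt"
rm -rf "$tmp"
```

A COLLIDES line means access for that user depends on a same-named local account rather than on a winbind mapping, so share permissions granted to the trusted domain should not be assumed to apply to it.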