[Samba] Multiple domains issue

Ron García-Vidal ghstwrtr at evilgenius.net
Mon Jan 31 14:25:10 MST 2011 

Sorry to nudge, but does anyone have any ideas of how to resolve this? 
During the migration period to our AD server, it's crucial that users on 
both the old and new domain see the Samba server.

On 01/24/2011 04:40 PM, Ron García-Vidal wrote:
> Here's some more info. This is an excerpt from the log on a connection
> attempt:
>
> [2011/01/24 15:30:55, 1] smbd/service.c:make_connection_snum(950)
> CLIENT_STATION (X.X.X.46) connect to service USERNAME initially as user
> ADDOMAIN+USERNAME (uid=10000, gid=10000) (pid 18741)
> [2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
> chdir (/opt/ntpublic/users/USERNAME) failed
> [2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
> chdir (/opt/ntpublic/users/USERNAME) failed
> [2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
> chdir (/opt/ntpublic/users/USERNAME) failed
> [2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
> chdir (/opt/ntpublic/users/USERNAME) failed
> [2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
> chdir (/opt/ntpublic/users/USERNAME) failed
> [2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
> chdir (/opt/ntpublic/users/USERNAME) failed
> [2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
> chdir (/opt/ntpublic/users/USERNAME) failed
> [2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
> chdir (/opt/ntpublic/users/USERNAME) failed
> [2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
> chdir (/opt/ntpublic/users/USERNAME) failed
> [2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
> chdir (/opt/ntpublic/users/USERNAME) failed
> [2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
> chdir (/opt/ntpublic/users/USERNAME) failed
> [2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150)
> chdir (/opt/ntpublic/users/USERNAME) failed
> [2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150)
> chdir (/opt/ntpublic/users/USERNAME) failed
> [2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150)
> chdir (/opt/ntpublic/users/USERNAME) failed
> [2011/01/24 15:30:59, 0] smbd/service.c:set_current_service(150)
> chdir (/opt/ntpublic/users/USERNAME) failed
> [2011/01/24 15:30:59, 0] smbd/service.c:set_current_service(150)
> chdir (/opt/ntpublic/users/USERNAME) failed
> [2011/01/24 15:31:05, 1] smbd/service.c:close_cnum(1150)
> CLIENT_STATION (X.X.X.46) closed connection to service USERNAME
>
>
> As I said, prior to Friday's domain drop and rejoin, this worked
> properly. I think there just needs to be able to say
> ADDOMAIN+USERNAME=NTDOMAIN+USERNAME.
>
> -Ron
>
> On 01/24/2011 06:52 AM, Ron García-Vidal wrote:
>> Understood and agreed, but since we're migrating to the AD in a
>> piecemeal fashion must get this to work for users in both domains until
>> the migration is complete. Any suggestions?
>>
>> -Ron
>>
>> On 01/23/2011 01:05 PM, tms3 at tms3.com wrote:
>>>
>>>>
>>>> I encountered a strange problem recently when changing the IP of my
>>>> Samba server. We are in the process of moving from an ancient NT4
>>>> domain to an AD domain. We did a full migration of all the users, and
>>>> up until Friday, our AD users were able to access the Samba server
>>>> (which is still on the NT domain) with full permissions, etc.
>>>>
>>>> On Friday for reasons completely unrelated, we had to change the IP of
>>>> the Samba server. When we brought it up on the new IP, it gave an error
>>>> bringing up the Samba daemons. I was rushed and didn't pay to much
>>>> attention to the error, but instead took the easy route of removing
>>>> Samba from the NT domain, and re-joining.
>>>>
>>>> That got the Samba daemons up and running and we mostly had no problem,
>>>> except now the AD users aren't allowed to access their home
>>>> directories.
>>> Home directories in a trusted domain is probably a bad idea, and likely
>>> has some permission issues. It might be best to join the samba server to
>>> the AD domain instead.
>>>>
>>>>
>>>> The AD and NT domains have a mutual trust relationship, and all SSIDs
>>>> for the users on both domains are the same. As I said, prior to Friday,
>>>> these users were able to access.
>>>>
>>>> I'm not entirely sure how Samba handles multiple domains, etc. and I
>>>> have no idea how to even begin to trouble shoot this problem. Any
>>>> suggestions would be welcome.
>>>>
>>>> -Ron
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>

More information about the samba mailing list