[Samba] Multiple domains issue
Gaiseric Vandal
gaiseric.vandal at gmail.com
Mon Jan 31 15:22:01 MST 2011
Did you reestablish the domain trusts between your NT domain and your AD
domain?
Do "wbinfo -u" and "wbinfo -g" on your samba server show the users and
groups from the trusted AD domain?
Do "getent passwd" and "getent group" on your samba server show the
users and groups from the trusted AD domain?
Do your AD users still have accounts in the NT domain? Are the
passwords the same? Maybe they can connect as "NT\username" instead
(e.g. net use \\samba1\share1 /user:nt\username, which you could probably
put in the login script) and skip domain trusts altogether, since this is
a short-term solution.
On 01/31/2011 04:25 PM, Ron García-Vidal wrote:
> Sorry to nudge, but does anyone have any ideas of how to resolve this?
> During the migration period to our AD server, it's crucial that users
> on both the old and new domain see the Samba server.
>
> On 01/24/2011 04:40 PM, Ron García-Vidal wrote:
>> Here's some more info. This is an excerpt from the log on a connection
>> attempt:
>>
>> [2011/01/24 15:30:55, 1] smbd/service.c:make_connection_snum(950)
>> CLIENT_STATION (X.X.X.46) connect to service USERNAME initially as user
>> ADDOMAIN+USERNAME (uid=10000, gid=10000) (pid 18741)
>> [2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
>> chdir (/opt/ntpublic/users/USERNAME) failed
>> [2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
>> chdir (/opt/ntpublic/users/USERNAME) failed
>> [2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
>> chdir (/opt/ntpublic/users/USERNAME) failed
>> [2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
>> chdir (/opt/ntpublic/users/USERNAME) failed
>> [2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
>> chdir (/opt/ntpublic/users/USERNAME) failed
>> [2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
>> chdir (/opt/ntpublic/users/USERNAME) failed
>> [2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
>> chdir (/opt/ntpublic/users/USERNAME) failed
>> [2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
>> chdir (/opt/ntpublic/users/USERNAME) failed
>> [2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
>> chdir (/opt/ntpublic/users/USERNAME) failed
>> [2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
>> chdir (/opt/ntpublic/users/USERNAME) failed
>> [2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
>> chdir (/opt/ntpublic/users/USERNAME) failed
>> [2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150)
>> chdir (/opt/ntpublic/users/USERNAME) failed
>> [2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150)
>> chdir (/opt/ntpublic/users/USERNAME) failed
>> [2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150)
>> chdir (/opt/ntpublic/users/USERNAME) failed
>> [2011/01/24 15:30:59, 0] smbd/service.c:set_current_service(150)
>> chdir (/opt/ntpublic/users/USERNAME) failed
>> [2011/01/24 15:30:59, 0] smbd/service.c:set_current_service(150)
>> chdir (/opt/ntpublic/users/USERNAME) failed
>> [2011/01/24 15:31:05, 1] smbd/service.c:close_cnum(1150)
>> CLIENT_STATION (X.X.X.46) closed connection to service USERNAME
>>
>>
>> As I said, prior to Friday's domain drop and rejoin, this worked
>> properly. I think there just needs to be a way to say
>> ADDOMAIN+USERNAME=NTDOMAIN+USERNAME.
>>
>> -Ron
>>
>> On 01/24/2011 06:52 AM, Ron García-Vidal wrote:
>>> Understood and agreed, but since we're migrating to the AD in a
>>> piecemeal fashion, we must get this to work for users in both domains
>>> until the migration is complete. Any suggestions?
>>>
>>> -Ron
>>>
>>> On 01/23/2011 01:05 PM, tms3 at tms3.com wrote:
>>>>
>>>>>
>>>>> I encountered a strange problem recently when changing the IP of my
>>>>> Samba server. We are in the process of moving from an ancient NT4
>>>>> domain to an AD domain. We did a full migration of all the users, and
>>>>> up until Friday, our AD users were able to access the Samba server
>>>>> (which is still on the NT domain) with full permissions, etc.
>>>>>
>>>>> On Friday for reasons completely unrelated, we had to change the IP of
>>>>> the Samba server. When we brought it up on the new IP, it gave an error
>>>>> bringing up the Samba daemons. I was rushed and didn't pay too much
>>>>> attention to the error, but instead took the easy route of removing
>>>>> Samba from the NT domain, and re-joining.
>>>>>
>>>>> That got the Samba daemons up and running and we mostly had no problem,
>>>>> except now the AD users aren't allowed to access their home directories.
>>>> Home directories in a trusted domain is probably a bad idea, and likely
>>>> has some permission issues. It might be best to join the samba server to
>>>> the AD domain instead.
>>>>>
>>>>>
>>>>> The AD and NT domains have a mutual trust relationship, and all SSIDs
>>>>> for the users on both domains are the same. As I said, prior to Friday,
>>>>> these users were able to access.
>>>>>
>>>>> I'm not entirely sure how Samba handles multiple domains, etc. and I
>>>>> have no idea how to even begin to troubleshoot this problem. Any
>>>>> suggestions would be welcome.
>>>>>
>>>>> -Ron
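The log excerpt quoted in this thread shows the AD user mapped to uid=10000 followed by repeated chdir failures on the home directory. As an added example (not from the thread or from the Samba project), this Python script pairs each failed chdir with the identity from the preceding connect record and sets the mapped uid beside the directory's owner, so an ownership mismatch after a rejoin is visible at a glance. The function names, the constructed sample text and the assumption that records of different sessions are not interleaved belong to this example.

```python
import os
import re
from collections import Counter

# Constructed sample in the format of the log quoted in the thread
# (placeholders as posted, wrapped as the mail client wrapped them).
SAMPLE_LOG = """\
[2011/01/24 15:30:55, 1] smbd/service.c:make_connection_snum(950)
CLIENT_STATION (X.X.X.46) connect to service USERNAME initially as user
ADDOMAIN+USERNAME (uid=10000, gid=10000) (pid 18741)
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
chdir (/opt/ntpublic/users/USERNAME) failed
"""

HEADER = re.compile(r"(?m)^\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d, +\d+\] .*$")
CONNECT = re.compile(r"connect to service \S+ initially as user (\S+) "
                     r"\(uid=(\d+), gid=\d+\)")
CHDIR = re.compile(r"chdir \((.+?)\) failed")

def records(log_text):
    """Split on record headers and rejoin each (possibly wrapped) body."""
    return [" ".join(c.split()) for c in HEADER.split(log_text)[1:]]

def chdir_failures(log_text):
    """Count failed chdir paths per (user, uid) of the latest connect.
    Heuristic: assumes records of different sessions are not interleaved."""
    counts, ident = Counter(), None
    for msg in records(log_text):
        if m := CONNECT.search(msg):
            ident = (m.group(1), int(m.group(2)))
        elif (m := CHDIR.search(msg)) and ident:
            counts[ident + (m.group(1),)] += 1
    return counts

def owner_report(counts, owner_of=lambda p: os.stat(p).st_uid):
    """Set the uid smbd mapped the user to beside the directory's owner."""
    report = []
    for (user, uid, path), n in counts.items():
        try:
            owner = owner_of(path)
        except OSError:
            owner = None  # path missing or not reachable by the caller
        report.append({"user": user, "mapped_uid": uid, "path": path,
                       "failures": n, "owner_uid": owner,
                       "mismatch": owner is not None and owner != uid})
    return report
```

Run `owner_report(chdir_failures(open(path).read()))` as root on the Samba server so the `os.stat` lookup can reach the home directories; a row with `mismatch` set means the directory is owned by a different uid than the one winbind now hands out for that user.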