[Samba] Trust problems after upgrade from 3.5 to 3.6

Andrea Venturoli ml at netfence.it
Tue Feb 5 01:04:16 MST 2013


On 02/04/13 19:25, Andrea Venturoli wrote:
> Hello.
>
> My setup:
> _ one Samba 3.5 domain (XXXXXXXX), with a PDC and a BDC, both running
> FreeBSD;
> _ one AD domain (YYYYYYYY) running on two Windows 2003 DCs;
> _ bidirectional trust between the two domains.
>
>
> Everything used to work until I moved the PDC from Samba 3.5 (EOL'ed) to
> 3.6; now, users from domain YYYYYYYY cannot access the PDC's shares.
>
>
> I used to have in smb.conf:
>>         idmap backend=ldap:ldap://localhost/
>>         idmap alloc backend=ldap
>>         idmap alloc config:ldap_url=ldap://localhost
>>         idmap alloc config:ldap_base_dn=ou=idmap,dc=xxxxxxxx,dc=xx
>>         idmap alloc config:ldap_user_dn=cn=root,dc=xxxxxxxx,dc=xx
>>         idmap cache time=120
>>         idmap uid=150000-200000
>>         idmap gid=150000-200000
>>         template shell=/sbin/nologin
>>         idmap config XXXXXXXX:backend=nss
>>         idmap config XXXXXXXX:range=1000-999999
>
> After the upgrade I changed it this way:
>>         idmap config *:backend=ldap
>>         idmap config *:range=150000-200000
>>         idmap config *:ldap_url=ldap://localhost/
>>         idmap config *:ldap_base_dn=ou=idmap,dc=xxxxxxxx,dc=xx
>>         idmap config *:ldap_user_dn=cn=root,dc=xxxxxxxx,dc=xx
>>         idmap cache time=120
>>         template shell=/sbin/nologin
>>         idmap config XXXXXXXX:backend=nss
>>         idmap config XXXXXXXX:range=1000-999999
>
>
>
> I see many errors like the following in log.winbindd-idmap:
>> [2013/02/04 19:22:20.847184,  1] winbindd/idmap.c:249(idmap_init_domain)
>>   idmap initialization returned NT_STATUS_ACCESS_DENIED
>
> In log.wb-YYYYYYYY
>> [2013/02/04 19:20:59.364510,  0] rpc_client/cli_pipe.c:3240(cli_rpc_pipe_open_spnego_ntlmssp)
>>   cli_rpc_pipe_bind failed with error NT_STATUS_ACCESS_DENIED
>
>
>
> Please, any help is appreciated.
>
>
>   bye & Thanks
>      av.

P.S.
I'm also seeing this:

> winbindd[65589]:   get_credentials: Unable to fetch auth credentials for cn=root,dc=xxxxxxxx,dc=xx in *

Connection to LDAP works from smbd (for which I had set credentials with
smbpasswd -w); how would I do it for winbindd?

  bye & Thanks
	av.

