[Samba] Trust problems after upgrade from 3.5 to 3.6
Andrea Venturoli
ml at netfence.it
Fri Feb 8 09:54:35 MST 2013
On 02/08/13 13:48, Oliver Freyd wrote:
> Hello,
>
> I think I stumbled over the same issue when testing winbind and
> interdomain trusts on samba 3.6 these days.
>
> It is a bit hard to find, but "man idmap_ldap" says that the secret must
> be stored with
>
> net idmap secret DOMAIN SECRET
>
> and I think I used '*' as DOMAIN (for any domain)
> That made winbind with ldap work for me.
Hello.
First off, thanks for answering.
After my previous message, I had already found out the above and did it.
I saw some improvement:
_ the logs about winbind not being "able to fetch auth credentials" are
gone;
_ "smbclient -L ..." succeeds, so authentication is in fact working;
_ however, access to shares still is denied to users from the trusted
domain.
It looks like Samba authenticates the user (against the DCs of the
trusted domain) and accepts it, but somehow fails to recognize him, so
he won't be correctly matched against "valid users".
Just to be clear: users from the trusted domain can access public
shares, as long as they provide a correct password.
I'm still investigating this and I'll report anything I'll find.
Any further suggestion is still appreciated.
bye & Thanks
av.
More information about the samba
mailing list