[Samba] Trust problems after upgrade from 3.5 to 3.6

Andrea Venturoli ml at netfence.it
Fri Feb 8 09:54:35 MST 2013

On 02/08/13 13:48, Oliver Freyd wrote:
> Hello,
> I think I stumbled over the same issue when testing winbind and
> interdomain trusts on samba 3.6 these days.
> It is a bit hard to find, but "man idmap_ldap" says that the secret must
> be stored with
> net idmap secret DOMAIN SECRET
> and I think I used '*' as DOMAIN (for any domain)
> That made winbind with ldap work for me.

First off, thanks for answering.

After my previous message, I had already found out the above and did it.
I saw some improvement:
_ the logs about winbind not being "able to fetch auth credentials" are 
_ "smbclient -L ..." succeeds, so authentication is in fact working;
_ however, access to shares still is denied to users from the trusted 

It looks like Samba authenticates the user (against the DCs of the 
trusted domain) and accepts it, but somehow fails to recognize him, so 
he won't be correctly matched against "valid users".
Just to be clear: users from the trusted domain can access public 
shares, as long as they provide a correct password.

I'm still investigating this and I'll report anything I'll find.

Any further suggestion is still appreciated.

  bye & Thanks

More information about the samba mailing list