[Samba] Samba4 problem with Windows Domain Trust

Gaiseric Vandal gaiseric.vandal at gmail.com
Tue Dec 20 03:07:54 UTC 2016


You might set something like


    idmap config * : backend  = tdb
    idmap config * : range =  5000-6000


    idmap config MYDOMAIN : backend  = ad
    idmap config MYDOMAIN : range = 1000-1999


    idmap config OTHERDOMAIN  : backend  = tdb
    idmap config OTHERDOMAIN : range = 4000-4999

In the example above you are using the AD backend for your own domain, TDB for the specific trusted domain, and TDB for whatever else (including any local or builtin groups).

I think if both domains are AD domains then you could probably use the ad backend for both domains. I have two test AD domains in trusts but they are both in the same domain tree; one is a child domain. I also installed Unix services so that I could use the Active Directory Users and Computers MMC to assign Unix uid and group id numbers.




-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Josef Wölfle via samba
Sent: Monday, December 19, 2016 5:15 PM
To: samba at lists.samba.org
Subject: Re: [Samba] Samba] Samba4 problem with Wndows Domain Trust

How would I set the idmap backend to TDB ?

Both domain controllers are running Windows 2008 Server.


On 19.12.2016 at 15:44, Gaiseric Vandal wrote:
> Which idmap backend are you using?
>
> One thing to try is setting the idmap backend for the trusted domains 
> to TDB (local database file). This is not a great long term solution 
> since you will not have consistent mappings between domains.  However 
> it may help determine if the issue is with winbind and idmap in 
> general or with the specific idmap backend (e.g. rid, ad, ldap).
>
>
>
> Are the domain controllers running Samba or Windows ?
>
>
> On 12/19/16 09:16, wp1101412-josef via samba wrote:
>>
>> Hi Gaiseric,
>>
>> both packages have been provided as RPM and installed by yum. We 
>> didn't have to compile.
>>
>>
>> "wbinfo -i" shows the correct uidnumber for users of DOMAIN_A, but 
>> nothing for
>> users of the trusted domain DOMAIN_B.
>>
>>
>> We have another server running Centos 6 and Samba 4.4.4. It shows the 
>> same
>> problem: Only users and groups of DOMAIN_A are available.
>>
>>
>> The settings:
>>
>> ldap server require strong auth = no =>  this makes no change.
>>
>> client ldap sasl wrapping = plain  =>    If I set this, "wbinfo -g" 
>> takes very
>> much longer and doesn't deliver anything at all any longer.
>>
>>
>> Kind regards
>>
>> Josef
>
>
>
>
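A per-domain idmap setup like the one suggested in this thread only works if every domain has both a backend and a range, and if no two ranges overlap (overlapping ranges let two different accounts map to the same Unix ID). The following check is an added example, not part of the original messages or of Samba itself; the function names are hypothetical and the sample is constructed from the thread's idmap lines with one domain name misspelled.

```python
import re
from itertools import combinations

# Constructed sample: idmap lines modelled on the thread, with the domain
# name misspelled on one range line to show what the check catches.
SAMPLE = """
idmap config * : backend = tdb
idmap config * : range = 5000-6000
idmap config MYDOMAIN : backend = ad
idmap config MYDOMAIN : range = 1000-1999
idmap config OTHERDOMAIN : backend = tdb
idmap config OTHEDOMAIN: range = 4000-4999
"""

# Matches "idmap config DOMAIN : option = value"; comment lines never match.
LINE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*(\w[\w ]*?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            domain, option, value = m.groups()
            domains.setdefault(domain.upper(), {})[option.lower()] = value
    return domains

def check_idmap(text):
    """List problems: missing backend or range, bad or overlapping ranges."""
    problems, ranges = [], {}
    for domain, opts in sorted(parse_idmap(text).items()):
        if "backend" not in opts:
            problems.append(f"{domain}: range without backend")
        if "range" not in opts:
            problems.append(f"{domain}: backend without range")
            continue
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts["range"])
        if not m or int(m[1]) > int(m[2]):
            problems.append(f"{domain}: invalid range {opts['range']!r}")
            continue
        ranges[domain] = (int(m[1]), int(m[2]))
    # Two closed intervals overlap when each starts before the other ends.
    for (a, ra), (b, rb) in combinations(sorted(ranges.items()), 2):
        if ra[0] <= rb[1] and rb[0] <= ra[1]:
            problems.append(f"{a} and {b}: ranges overlap")
    return problems

if __name__ == "__main__":
    for problem in check_idmap(SAMPLE):
        print(problem)
```

A domain that appears with only a range or only a backend is usually a misspelled name, which leaves the intended domain without a usable mapping.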

