[Samba] Samba 3.6.6 AD member and trusted domains

Neil Price nprice at gibb.co.za
Mon Jul 11 13:11:29 UTC 2016


I've got a 2008R2 server with a Samba3 ldap based trusted domain. From the Windows server it works 
fine (with a few hacks)

I have a 3.6.6. (Debian Wheezy) samba joined to the AD domain as a member.

wbinfo and getent on the member server show the AD users no problem but not the trusted domain. I'm 
not sure if this is actually supported.

relevant parts of smb.conf

idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
idmap config * : base_rid = 0

idmap config TRUSTED : backend = rid
idmap config TRUSTED : range = 3000000-3999999
idmap config TRUSTED : base_rid = 0

idmap config AD : backend = rid
idmap config AD : range = 2000000-2999999
idmap config AD : base_rid = 0

There is this interesting output:

wbinfo -n TRUSTED\\nprice
S-1-5-21-1423669638-2051222870-1230932851-13008 SID_USER (1)

wbinfo -S S-1-5-21-1423669638-2051222870-1230932851-13008
3013008

So it looks like its working but wbinfo -u and getent passwd don't return anything for the trusted 
domain. Same for groups.




More information about the samba mailing list