[Samba] NT_STATUS_NO_TRUST_SAM_ACCOUNT after temporary connectivity break to AD DC
shridhar shetty
shridhar.sanjeeva at gmail.com
Thu Oct 13 13:29:05 UTC 2016
Thanks Rowland,
I have been using "idmap config xxxx : backend = rid" instead of "ad". So
i understand that nothing is to be set from the windows AD side.
and i am running wbinfo -t as root user.
Few observations.
* I have multiple Active directory DCs. And in the site where the machine
is located, we have 2 ReadOnly DCs.
* On capturing network packets, I observed that the requests are being sent
to Readonly DCs. Should that be a problem?
Thanks
Shridhar
On Thu, Oct 13, 2016 at 12:44 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Thu, 13 Oct 2016 02:26:08 +0530
> shridhar shetty <shridhar.sanjeeva at gmail.com> wrote:
>
> > My apologies for the same. I shamelessly borrowed these settings from
> > existing working setup after mine was not working.
> >
> > Changed smb.conf file. But result is the same.
> > wbinfo -u and wbinfo -g works and gives me users but wbinfo -t doesnt.
> >
> > [global]
> > workgroup = xxxx
> > netbios name = inmusbackup01
> > server string = FILE SERVER
> > realm = xxx.xxx.COM
> >
> > #Winbindd configuration
> > winbind separator = +
> > winbind enum users = yes
> > winbind enum groups = yes
> > winbind use default domain = yes
> > template homedir = /home/%U
> > template shell = /bin/bash
> > winbind refresh tickets = yes
> >
> > #Setting Security level
> > security = ads
> > kerberos method = secrets and keytab
> > encrypt passwords = yes
> >
> > idmap config *:backend = tdb
> > idmap config *:range = 2000-9999
> > idmap config xxxx : backend = ad
> > idmap config xxxx : range = 10000-999999
> >
>
> Just a couple of questions, have you given your users a uidNumber
> attribute containing a unique number inside 10000-999999 and Domain
> Users a gidNumber inside the same range ?
>
> Are you running the 'wbinfo -t' command as root ?
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list