[Samba] NT_STATUS_NO_TRUST_SAM_ACCOUNT after temporary connectivity break to AD DC
shridhar shetty
shridhar.sanjeeva at gmail.com
Thu Oct 13 13:43:25 UTC 2016
That is what I said.
I have been using backend = rid.
On Thu, Oct 13, 2016 at 6:59 PM, shridhar shetty <
shridhar.sanjeeva at gmail.com> wrote:
> Thanks Rowland,
>
> I have been using "idmap config xxxx : backend = rid" instead of "ad". So
> i understand that nothing is to be set from the windows AD side.
>
> and i am running wbinfo -t as root user.
>
> Few observations.
> * I have multiple Active directory DCs. And in the site where the machine
> is located, we have 2 ReadOnly DCs.
> * On capturing network packets, I observed that the requests are being
> sent to Readonly DCs. Should that be a problem?
>
> Thanks
> Shridhar
>
>
> On Thu, Oct 13, 2016 at 12:44 PM, Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
>> On Thu, 13 Oct 2016 02:26:08 +0530
>> shridhar shetty <shridhar.sanjeeva at gmail.com> wrote:
>>
>> > My apologies for the same. I shamelessly borrowed these settings from
>> > existing working setup after mine was not working.
>> >
>> > Changed smb.conf file. But result is the same.
>> > wbinfo -u and wbinfo -g works and gives me users but wbinfo -t doesnt.
>> >
>> > [global]
>> > workgroup = xxxx
>> > netbios name = inmusbackup01
>> > server string = FILE SERVER
>> > realm = xxx.xxx.COM
>> >
>> > #Winbindd configuration
>> > winbind separator = +
>> > winbind enum users = yes
>> > winbind enum groups = yes
>> > winbind use default domain = yes
>> > template homedir = /home/%U
>> > template shell = /bin/bash
>> > winbind refresh tickets = yes
>> >
>> > #Setting Security level
>> > security = ads
>> > kerberos method = secrets and keytab
>> > encrypt passwords = yes
>> >
>> > idmap config *:backend = tdb
>> > idmap config *:range = 2000-9999
>> > idmap config xxxx : backend = ad
>> > idmap config xxxx : range = 10000-999999
>> >
>>
>> Just a couple of questions, have you given your users a uidNumber
>> attribute containing a unique number inside 10000-999999 and Domain
>> Users a gidNumber inside the same range ?
>>
>> Are you running the 'wbinfo -t' command as root ?
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
>
More information about the samba
mailing list