[Samba] Trusted domain with different short name to DNS name.

A. James Lewis james at fsck.co.uk
Thu Sep 28 13:57:25 UTC 2017


I have 2 trusted domains to deal with, "DEV" and "TODEV", and I have configured smb.conf like this:-

 workgroup = MAIN
 security = ADS

 idmap config *:backend = tdb
 idmap config *:range = 95000-99999
 idmap config MAIN:backend = rid
 idmap config MAIN:range = 100000-999999
 idmap config DEV:backend = rid
 idmap config DEV:range = 2000000-2999999
 idmap config TODEV:backend = rid
 idmap config TODEV:range = 3000000-3999999

 winbind trusted domains only = no
 winbind use default domain = yes
 winbind refresh tickets = yes

 template shell = /bin/bash
 template homedir = /home/%D/%U

The issue is that "TODEV" is the short name, while the DNS name is to.dev.domain.local.... I can see group memberships in "DEV", but not in TODEV... presumably because there's no way for Samba to map the TODEV short name to a DNS "SRV" query to find the LDAP server details.

What would be the correct way to go about this when the domain short name, and the DNS don't match?

A. James Lewis (james at fsck.co.uk (mailto:james at fsck.co.uk))
"Engineering does not require science. Science helps a lot but people
built perfectly good brick walls long before they knew why cement works."

More information about the samba mailing list