[Samba] Trusted domain with different short name to DNS name.
A. James Lewis
james at fsck.co.uk
Thu Sep 28 13:57:25 UTC 2017
I have 2 trusted domains to deal with, "DEV" and "TODEV", and I have configured smb.conf like this:-
workgroup = MAIN
security = ADS
realm = MAIN.DOMAIN.LOCAL
idmap config *:backend = tdb
idmap config *:range = 95000-99999
idmap config MAIN:backend = rid
idmap config MAIN:range = 100000-999999
idmap config DEV:backend = rid
idmap config DEV:range = 2000000-2999999
idmap config TODEV:backend = rid
idmap config TODEV:range = 3000000-3999999
winbind trusted domains only = no
winbind use default domain = yes
winbind refresh tickets = yes
template shell = /bin/bash
template homedir = /home/%D/%U
The issue is that "TODEV" is the short name, while the DNS name is to.dev.domain.local.... I can see group memberships in "DEV", but not in TODEV... presumably because there's no way for Samba to map the TODEV short name to a DNS "SRV" query to find the LDAP server details.
What would be the correct way to go about this when the domain short name, and the DNS don't match?
A. James Lewis (james at fsck.co.uk (mailto:james at fsck.co.uk))
"Engineering does not require science. Science helps a lot but people
built perfectly good brick walls long before they knew why cement works."
More information about the samba