[Samba] Trusted domain with different short name to DNS name.

Rowland Penny rpenny at samba.org
Thu Sep 28 14:25:09 UTC 2017


On Thu, 28 Sep 2017 13:57:25 +0000
"A. James Lewis via samba" <samba at lists.samba.org> wrote:

> Hey,
> 
> I have 2 trusted domains to deal with, "DEV" and "TODEV", and I have
> configured smb.conf like this:-
> 
> [global]
>  workgroup = MAIN
>  security = ADS
>  realm = MAIN.DOMAIN.LOCAL
> 
>  idmap config *:backend = tdb
>  idmap config *:range = 95000-99999
>  idmap config MAIN:backend = rid
>  idmap config MAIN:range = 100000-999999
>  idmap config DEV:backend = rid
>  idmap config DEV:range = 2000000-2999999
>  idmap config TODEV:backend = rid
>  idmap config TODEV:range = 3000000-3999999
> 
>  winbind trusted domains only = no
>  winbind use default domain = yes
>  winbind refresh tickets = yes
> 
>  template shell = /bin/bash
>  template homedir = /home/%D/%U
> 
> The issue is that "TODEV" is the short name, while the DNS name is
> to.dev.domain.local.... I can see group memberships in "DEV", but not
> in TODEV... presumably because there's no way for Samba to map the
> TODEV short name to a DNS "SRV" query to find the LDAP server details.
> 
> What would be the correct way to go about this when the domain short
> name and the DNS don't match?
> 

What version of Samba?
Are the trusts two-way?

You should remove 'winbind use default domain'.

Rowland



