Hi,

If you are using LDAP, it'd probably be better to point your member server to its LDAP directory. You probably don't want "winbind use default domain" set to "yes", as this will fill your IDMAP backend with local domain accounts; really, in a Samba domain you only want foreign domain stuff in there. Try:

    passdb backend = ldapsam:ldap://pdc ip
    idmap backend = ldap:ldap://pdc ip
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind nested groups = yes
    winbind trusted domains only = yes
    winbind use default domain = no
    winbind enum users = yes
    winbind enum groups = yes
    allow trusted domains = yes

and copy all the parameters starting with "ldap " from your pdc. You might also want:

    domain logons = yes
    domain master = no
    preferred master = no
    wins server = pdc's IP address

This works for me with both local and trusted domains.

Alex

On Sat, 2009-09-19 at 21:18 -0300, Edson Marquezani Filho wrote:
> Hello,
>
> I would like to know what is really necessary to set up a Samba as a
> simple client of a PDC Server, because, the way I'm trying, things are
> not working.
>
> I have Samba + LDAP on a server as PDC, and I want to set up
> transparent proxy authentication through Squid and Samba + Winbind on
> another server, but I can't make this Samba authenticate against
> the PDC.
>
> I have been trying with a very simple config, like this:
>
> [global]
>     workgroup = MYDOMAIN
>     security = DOMAIN
>     password server = (I have already tried with *, FQDN, netbios name and IP address.)
>     idmap uid = 10000-20000
>     idmap gid = 10000-20000
>     winbind use default domain = Yes
>
> Domain joining happened successfully, with net rpc join, but I can't
> authenticate any user with smbclient, and winbind doesn't work either. An
> attempt to connect on localhost via smbclient fails with the following
> message:
>
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> I have tried to include other parameters, but nothing has worked. What
> am I missing?
>
> Thank you.

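Added example, not part of the original messages: a Python check for the "copy all the parameters starting with "ldap " from your pdc" step, comparing the [global] sections of the PDC's and the member server's smb.conf so that a mistyped or forgotten LDAP setting (admin DN, TLS mode, suffixes) shows up before winbind is restarted. Both config texts and their dc=example,dc=org values are constructed, and parse_global and ldap_drift are hypothetical helper names.

```python
import re
# Constructed sample configs (not from the thread); all values are placeholders.
PDC_CONF = """\
[global]
   ldap suffix = dc=example,dc=org
   ldap admin dn = cn=admin,dc=example,dc=org
   ldap user suffix = ou=People
   ldap ssl = start tls
"""
MEMBER_CONF = """\
[global]
   ; copied by hand from the PDC
   LDAP Suffix = dc=example,dc=org
   ldap admin dn = cn=manager,dc=example,dc=org
   ldapssl = start tls
[homes]
   ldap user suffix = ou=Ignored
"""

def parse_global(text):
    """Parse [global]; keys are lowercased with whitespace removed, as smb.conf ignores both."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):              # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.*)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.lower().split())] = (" ".join(name.split()), value.strip())
    return params

def ldap_drift(pdc_conf, member_conf):
    """Return (name, problem, pdc value, member value) for each ldap* mismatch."""
    pdc, member = parse_global(pdc_conf), parse_global(member_conf)
    issues = []
    for key, (name, value) in sorted(pdc.items()):
        theirs = member.get(key, (None, None))[1]
        if key.startswith("ldap") and theirs != value:
            issues.append((name, "missing" if theirs is None else "differs", value, theirs))
    return issues

if __name__ == "__main__":
    print(*ldap_drift(PDC_CONF, MEMBER_CONF), sep="\n")
```

Values are compared as exact strings, so `Yes` and `yes` are reported as a difference even though Samba treats them as the same boolean.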