Hi, I specifically have a problem with idmap entries not being created in my LDAP backend for trusted domain logons - local accounts appear to be fine.

I have installed the Sernet enterprise packages from: http://ftp.sernet.de/pub/samba/experimental/rhel/5/i386/

I'm preparing the server as follows:

1. smbpasswd -w '<password>'
2. net rpc trustdom establish SANDBOX (where SANDBOX is my trusted domain)
3. net idmap secret SANDBOX '...'
4. net idmap secret alloc '...'
5. Start winbind only (winbindd -D)
6. net sam provision
7. Start nmbd and smbd as daemons

Local accounts are fine and the trust appears healthy too:

    # wbinfo -t
    checking the trust secret via RPC calls succeeded

My smb.conf file is as follows:

    [global]
        workgroup = SEAT
        server string = %h server (Samba %v)
        wins support = no
        wins server = 192.168.93.1
        name resolve order = wins host bcast lmhosts
        syslog = 0
        debug hires timestamp = yes
        log level = 100 tdb:100 idmap:100
        log file = /var/log/samba/%m.log
        panic action = /usr/share/samba/panic-action %d
        security = user
        encrypt passwords = true
        passdb backend = ldapsam:ldap://127.0.0.1
        ldapsam:trusted=yes
        ldapsam:editposix=yes
        ldap ssl = no
        ldap admin dn = cn=admin,dc=seat,dc=massey,dc=ac,dc=nz
        ldap delete dn = yes
        ldap group suffix = ou=groups
        ldap machine suffix = ou=machines
        ldap user suffix = ou=users
        ldap suffix = dc=seat,dc=massey,dc=ac,dc=nz
        winbind enum users = yes
        winbind enum groups = yes
        winbind uid = 10000-19999
        winbind gid = 10000-19999
        ldap ssl = no
        idmap backend = ldap:ldap://127.0.0.1
        ldap idmap suffix = ou=idmap
        ldap password sync = yes
        idmap alloc backend = ldap
        idmap alloc config : ldap_url = ldap://127.0.0.1/
        idmap alloc config : ldap_base_dn = ou=idmap,dc=seat,dc=massey,dc=ac,dc=nz
        idmap alloc config : ldap_user_dn = cn=admin,dc=seat,dc=massey,dc=ac,dc=nz
        idmap config SANDBOX : backend = ldap
        idmap config SANDBOX : range = 10000-19999
        idmap config SANDBOX : ldap_url = ldap://127.0.0.1/
        idmap config SANDBOX : ldap_base_dn = ou=idmap,dc=seat,dc=massey,dc=ac,dc=nz
        idmap config SANDBOX : ldap_user_dn = cn=admin,dc=seat,dc=massey,dc=ac,dc=nz
        idmap config SANDBOX : ldap_alloc_url = ldap://127.0.0.1/
        idmap config SANDBOX : ldap_alloc_base_dn = ou=idmap,dc=seat,dc=massey,dc=ac,dc=nz
        smb ports = 139
        domain master = yes
        domain logons = yes
        deadtime = 60
        load printers = yes
        printing = cups
        printcap name = cups

Any hints would be *greatly* appreciated.

Regards,
Patrick
