On Thu, Oct 21, 2010 at 05:02:55PM -0400, Gaiseric Vandal wrote: > > I have not tried ssh'ing in as a trusted domain user (I definately > don't want that available..)
It's not something I want to make available, but it was an important test to prove that winbind was creating the correct idmap entries and that this was making functional POSIX accounts available to the Linux host. What I don't understand is why Samba isn't mapping the trusted domain users onto those accounts. > > Do you have an entry in krb5.conf for the trusted domain? I think > that is more of an issue for locating the DC. I do. > > At some point I changed the forest and domain modes on the Windows > 2003 DC from mixed to native. That may have broken something I'm surprised anything is working for you. I didn't think trust relationships between Samba or NT4 and AD would work at all if AD was in native mode. -- Bruce If the universe were simple enough to be understood, we would be too simple to understand it.
signature.asc
Description: Digital signature
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
