Hello list,
I am trying an environment with Samba 3.5 running as a WIN2003 AD member,
which (say MYAD) is mutually trusted with another domain, YAAD, plus an openldap
server as idmap backend; winbind is also used. So my concerns are
twofold.
1. Why can users from the trusted domain do nothing?
From the samba server side, wbinfo/getent passwd/id can only find users from
MYAD, nothing from YAAD.
However 'smbclient -L //localhost -U YAAD\\david' is working and printing
shares on the samba server, which I believe means the interdomain trust is correctly
set and recognized by samba (at some level). But when I try to connect
to the home share with YAAD\\david I get
<log>
[2010/11/02 13:19:25.525993, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [david] -> [david] FAILED with error NT_STATUS_NO_SUCH_USER
</log>
and
<smbclient>
rclus_01:~ # smbclient //localhost/homes -U YAAD\\david%secret
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
</smbclient>
How so? 'allow trusted domains' is enabled in smb.conf.
2. Am I using openldap as idmap backend correctly?
From the openldap server side, I've configured slapd.conf and ldap.conf and
initialized my openldap server with a top entry and a Manager entry, as the samba
HOWTO and openldap quick guide instructed, and here are the related smb.conf
parameters
<smb.conf>
ldap admin dn = cn=Manager,dc=MYAD,dc=COM
ldap idmap suffix = ou=Idmap
ldap suffix = dc=MYAD,dc=COM
idmap backend = ldap:"ldap://myldapserver"
idmap uid = 10000-1000000
idmap gid = 10000-1000000
</smb.conf>
This may seem stupid, but I'm not sure:
2.1 Who is responsible for adding entries for MYAD users into the openldap server
(when MYAD users connect to the samba server)? Does samba do it automatically, or is a
script needed here?
2.2 Do I need to create another 'dc=YAAD,dc=COM' for the trusted domain YAAD
on openldap server?
Help? Rookie questions, thanks for your patience.
Regards
-David
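As an added diagnostic (not part of David's post), the following script walks the chain a trusted-domain user has to pass, trust visible to winbind, name to SID, SID to uid through the LDAP idmap store, then NSS, and reports the first link that breaks. The domain, LDAP URI and idmap suffix are taken from the smb.conf above; the "david" account and the sample wbinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post or the Samba project.
# Values below come from the poster's smb.conf; adjust for your site.
DOMAIN="YAAD"
USERNAME="david"
LDAP_URI="ldap://myldapserver"
IDMAP_BASE="ou=Idmap,dc=MYAD,dc=COM"
ACCOUNT="$DOMAIN\\$USERNAME"

# Pull the SID out of a 'wbinfo -n DOMAIN\user' result line such as
#   S-1-5-21-1234567890-1234567890-1234567890-1105 SID_USER (1)
# Prints nothing for an error line ("Could not lookup name ...").
sid_from_wbinfo() {
    printf '%s\n' "$1" | awk '$1 ~ /^S-1-5-21-/ && $2 == "SID_USER" { print $1 }'
}

# LDAP filter for the stored mapping of one SID; winbind keeps these as
# sambaIdmapEntry objects under 'ldap idmap suffix'.
idmap_filter() {
    printf '(&(objectClass=sambaIdmapEntry)(sambaSID=%s))' "$1"
}

# Live checks, in order; the return code tells you which link failed.
check_trusted_user() {
    # 1. winbind must list the trust at all
    wbinfo -m | grep -qx "$DOMAIN" \
        || { printf '%s\n' "winbind does not list $DOMAIN (wbinfo -m)"; return 1; }
    # 2. name -> SID must succeed against the trusted domain's DC
    sid=$(sid_from_wbinfo "$(wbinfo -n "$ACCOUNT" 2>&1)")
    [ -n "$sid" ] || { printf '%s\n' "wbinfo -n cannot resolve $ACCOUNT"; return 2; }
    # 3. SID -> uid is the idmap step: no mapping readable/allocatable in LDAP
    #    (e.g. 'ldap admin dn' password not stored with 'smbpasswd -w')
    uid=$(wbinfo -S "$sid") \
        || { printf '%s\n' "no uid for $sid: check the ldap idmap backend"; return 3; }
    # 4. NSS must also return the user, or smbd has no Unix identity for it
    getent passwd "$ACCOUNT" >/dev/null \
        || { printf '%s\n' "getent cannot see $ACCOUNT: check winbind in nsswitch.conf"; return 4; }
    # 5. confirm the mapping really landed in the LDAP idmap container
    ldapsearch -x -LLL -H "$LDAP_URI" -b "$IDMAP_BASE" "$(idmap_filter "$sid")" uidNumber
    printf '%s\n' "$ACCOUNT -> $sid -> uid $uid: chain OK"
}

# Run the live checks only when invoked as: sh thisscript.sh --run
case "${1:-}" in --run) check_trusted_user ;; esac
```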
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba