Hello, also in LogLevel 10 there is no error i could find. But i have more config examples and what happens.
if i use this config: > winbind enum users = yes > winbind enum groups = yes > allow trusted domains = yes > > idmap config * : backend = tdb > idmap config * : range = 70000-99999 > > idmap config A : backend = rid > idmap config A : range = 100000 - 199999 > idmap config A : base_rid = 1000 > > idmap config B : backend = rid > idmap config B : range = 200000 - 299999 > idmap config B : base_rid = 1000 i get folowing message from a SID of domain A: server3:~ # wbinfo -S S-1-5-21-1004336348-920026266-682003330-1113 failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND Could not convert sid S-1-5-21-1004336348-920026266-682003330-1113 to uid i change this line > allow trusted domains = no server3:~ # wbinfo -S S-1-5-21-1004336348-920026266-682003330-1113 failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND Could not convert sid S-1-5-21-1004336348-920026266-682003330-1113 to uid it does not work. i change this line > idmap config * : backend = rid server3:~ # wbinfo -S S-1-5-21-1004336348-920026266-682003330-1113 100113 so it "works" ... but "getent passwd" still does not show any user. so there is still a long way to go. if i delete all the "idmap config * " parts it won't work again. But also if it does work.... i need trusted domain support. the only config that realy works right now, is the new "autorid". LogLevel10 shows no errors at all. ------------ Benedikt Am 12.08.2011 18:23, schrieb Benedikt Schindler: > Hello, > > i try to create a samba server for more then one trusted domain. > I know there were some issues with samba 3.5, and in the internet i > always read, i should use samba 3.4. > > So i wanted to give 3.6 a chance. > > I first tried autorid with a config like this: > > winbind enum users = yes > winbind enum groups = yes > > idmap backend = autorid > idmap gid = 100000-1499999 > idmap gid = 100000-1499999 > allow trusted domains = yes > > It works fine. And Domain A starts in the 200000 and Domain B with > 300000. But my problem is, i have two different samba Servers that > should get the same uid and gid. > On the second Server Domain B also starts with 300000 but domain A > starts with 4000000. So there is no correct mapping between these two > servers. It is, because the main Domain of the second server is B and > not A like in the first server. > > Is there a way to tell autorid a order of domains? like: "idmap autorid > domains = A, B" > > I also read the mail about the new idmapping so i also tried these > configuration: > > winbind enum users = yes > winbind enum groups = yes > allow trusted domains = yes > > idmap config A : backend = rid > idmap config A : range = 100000 - 199999 > idmap config A : base_rid = 1000 > > idmap config B : backend = rid > idmap config B : range = 200000 - 299999 > idmap config B : base_rid = 1000 > > With this configuration i get with "winbind -u" all users, but "getent > passwd" is still empty. > > And a group group-info shows WBC_ERR_DOMAIN_NOT_FOUND. > > server:/ # wbinfo --group-info A\\marketing > failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND > Could not get info for group A\marketing > server:/ # wbinfo --group-info B\\marketing > failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND > Could not get info for group B\marketing > > > I didn't find any real helpfull logs to get a clue what's wrong with > this config. But i think it is the same as in 3.5 and i have to go back > to 3.4? > > any ideas? > > best regards > Benedikt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
