Andrew Bartlett wrote:
Okay, sorry ... done ...I am posting here, because I believe this a little more technical than "I can't get my server work?" ...
This is still not the place. Samba technical is not technical
support, it's technical development of Samba.
Sorry for the long delay, but have had other project to try and bring up to scratch ...
Okay, following chapter 16 I do ...If I use winbind, I can't setup a PDC. It was explained to create a trust between my Samba domain and ADS domain, and this way I should be able to pass auth through the trust and as I have thought this through, I believe all my users will belong in ADS domain and all the Machine accounts would belong in Samba domain, but I can't get the trust working ... I think this is because of the fact the our ADS is in native mode, and the HowTo only converts Mixed mode, and warns against using/trying in Native Mode ( somebody's got to try it some time ) ...
Now this is interesting. We have the code to handle this, but we
don't use it. The RPC backends *should* allow you to handle this, but
it is suboptimal.
On Win2K3 DC I run the create Trust procdure ( which I should maybe put a little step by step down on paper ) ... I found if I had smb running when I ran this I would get all sorts of netlogon secure channel not working errors ... but if I had start smb long enough for WINS to have it listed, then stop smb, it would go through without ask too many questions ...
I would then run ...
useradd domain-ads smbpasswd -a -i domain-ads net rpc trustdom establish domain-ads
All succesful ...
I then found that I would trust both ways ... works nice from what I can see ...
But my problems is that I would like to use the users in ADS, which with this setup, I have to setup Linux users which would then be trusted by ADS, but then I will loose all the deligation features that ADS brings MicroSoft guys, which is why we are putting this in.
Is there no way that I could have my users in ADS, with remote Linux server supporting netlogon scripts for these users? This what I am really looking for ...
Which user should I use? After the trush working, I was able to work both ways for general stuff ..So, I was hoping that somebody might be able to help me, or if I am missing info ( which I can't think of what to put in here without flooding the list with information that is not needed ) what would be best to forward ...
Start by setting an 'IPC username', with wbinfo --set-auth-user=...
I have a long-term goal of removing the need for a 'security=ADS'I have seen you want to do this in past post ... more autodetection is kewl if there is no loss of flexiblity or control from a good admin ...
parameter, moving to more autodetection. This should help this kind
of thing a lot, as we can pick up what domains todo what with more
easily.
Thanks Mailed Lee
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
