I've tried to login with a user testB which exists in DomainB but not in
DomainA (Client XP is a DomainA member) and noticed that there's an
attempt in DomainA to create a local user testB. I'm trying to
investigate if there any problem with my winbind setup in DomainA...
I'll keep you posted.
Igor
Igor Belyi wrote:
Adrian Chow wrote:
Hi Igor,
Thanks for your prompt reply.
Just curious whether you have read my previous email regarding the
different setup for my side. I have :-
Domain A controller :- openldap 2.1.23 (slave), samba 3.04 (PDC)
Domain B controller :- openldap 2.1.30-3 (slave), samba 3.07 (PDC)
Main LDAP server : - openldap 2.0.27-3.bunk (master).
So you have the same LDAP directory for both PDCs? Can you show
smb.conf for both PDCs? How did you configure your LDAP slaves - do
they have write access to the entries PDC uses?
Question 1:- Wonder if there will be a problem with the openldap
setup? Should I upgrade all the LDAP to have same version?
Since we don't know yet what kind of problem you face it's difficult
to say if LDAP version matters. My guess is it does not and that the
newer version you have the better.
Question 2:- If I were to upgrade Domain A to samba 3.07 (as I
thought there could be a potential problem with the trusting/trusted
domains), any clue of how can I upgrade to samba 3.07 without losing
the SID or any problems? I was thinking of doing the following:-
1. Backup the smb.conf file
I don't think smb.conf gets changed during upgrade, but backups never
hurt.
2. smbldap-conf file (containing the SID number).
It will make sense if you plan to update smbldap tools as well. Note,
that Domain SID which Samba uses is kept in LDAP entry and the one
written in smbldap-conf file should mirror it. And since it is kept in
LDAP upgrade of Samba 3.x should not cause its change. I don't
remember big changes in smbldap-conf between 3.0.4 and 3.0.7 Sambas
but I would recommend to look at the 'diff' between backuped and newly
installed versions to verify that.
Is there any thing I left out? Will the SID be changed? The reason
I ask was because I already got a domain member server under domain A
(samba 3.04) and I do not want to lose the SID cos I have like 260
users's home directory in that domain member server (windows 2003
server).
Thanks in advance.
Regards,
adrian
Igor Belyi wrote:
Sorry... Got busy with something else. I'll try to do the test with
different users tomorrow. There could be a problem with my previous
test since the user present in both Domains also has the same
password and this may allow credentials from one domain to somehow
be used in another.
If you would collect trace for both 'login' and 'net user x: /home'
times - it will be great. Make sure that trace is with 'log level =
5' and if you have more than one machine that you collect trace for
the Client XP machine (probably, by including %m in the 'log file').
I apologize for the delay.
Igor
Adrian Chow wrote:
Hi Igor,
Wondering have you tried to one the scenario when a domain B user
logins on domain A machine where the domain B username is not found
in domain A machine? Can you still map the drives?
Also you were asking for the smbd files.... how should I get them?
During when I login or during when I typed the commmand "net use x:
/home" on the dos prompt?
Thanks. Just concerned as I have not heard from you.
adrian
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
