Robert Kelly wrote:
Hi there,
I'm running Samba 3.0.14a-sernet on Suse 9.1 using ldapsam.
I've got an interdomain trust setup across a vpn connection with a
2k3sp1 domain (DOMB).
The trust works.
Robert,
I have a similar setup to yourself except i have 2 samba domains accross
a VPN.
What is strange is that a user from DOMB can't access any shares until
they browse a share on our domain controller, say netlogon, then samba
creates a new posix account for them in the ou=users base.
I spent quite a while myself trying to figure this out. I'm not sure if
what i have done is correct but in nsswitch.conf i have :
----
passwd: files ldap winbind
shadow: files ldap winbind
group: files ldap winbind
-----
winbind is used to give the foreign sid's from the trusted domain uid on
your PDC or Domain member Server
I have nsswitch.conf using ldap, and samba configured to use winbind as
per the howto. Same wins etc.
What isn't clear to me is why the user account gets created as a regular
account and not in the ou=idmap base.
I had this same problem until i added winbind to the nsswitch.conf file.
Can you see the users from the trusted domain when you enter 'wbinfo -u
' at the shell ?
Shouldn't just a sambaIdmapEntry object be created in ou=IdMap and not a
posixaccount in ou=users?
The account gets created with a uid from the regular users range not
from the idmap uid range and still gets created when winbind is stopped.
I've read Chapter 18. Interdomain Trust Relationships over and over
again, but need some suggestions on the correct way to setup winbind on
a domain controller when using a trust.
Any clues?
The book is not very clear on this. It took me some time to figure it out
Thanks,
Rob
--
Ian Clancy
IT Systems Engineer
Connaught Electronics Ltd.
Dunmore Rd,
Tuam,
Co. Galway,
Ireland.
P : ++353 93 23151
F : ++353 93 23110
E : mailto:[EMAIL PROTECTED]
W : http://www.cel-europe.com
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
