On Tue, 2008-09-09 at 15:52 +0100, Hari Sekhon wrote: > Hi, > > I've noticed a discrepancy between Samba Version 3.0.28a and Version > 3.0.24 in relation to Winbind rid idmap and trusted domains behaviour. > > I have an environment with 2 domains linked via a trust, an Active > Directory domain and an NT4 domain. On 3.0.24 the rid backend seems to > work fine, but on 3.0.28a it shows OTHERDOMAIN\domain admins instead of > the primary domain's domain admins in uid/name mapping on files. > > Below is a relevant snippet of the identical samba configuration on both > machines: > > allow trusted domains = no > idmap backend = rid > idmap config PRIMARYDOMAIN:range = 10000-19999 > idmap config OTHERDOMAIN:range = 20000-29999 > idmap gid = 10000-30000 > idmap uid = 10000-30000
Hari, this is not, as is, a valid configuration for either versions, is this the full configuration used ? > Testparm confirms that allow trusted domains is set to No, so it seems > that 3.0.28a does not respect the fact that trusted domains are not > supposed to be allowed at all? This seems to break the way the rid > backend works of course as there is a rid clash with the other domain. Allow trusted domains = no controls only authentication/access to the service not id resolution. > This output from wbinfo --group-info shows the name clash: > > domain admins:x:10512 > OTHERDOMAIN\domain admins:x:10512 > > Can anyone offer any advice on what to do about this? > I am running 3.0.24 on Debian Etch and 3.0.28a on Gentoo, for which > those are the latest stable versions packaged for the systems. I have > tried 3.0.32 and the problem seems to occur there too. Is this a bug > that has crept in after 3.0.24? If that is the configuration you use, it seem more like a configuration error. Simo. -- Simo Sorce Samba Team GPL Compliance Officer <[EMAIL PROTECTED]> Senior Software Engineer at Red Hat Inc. <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
