Re: [Samba] Multiple domains issue

2011-02-01 Thread Gaiseric Vandal
I haven't set up a trust involving Windows PDCs and a Samba member 
server. I have set up trusts between Samba based domains (Samba PDC, 
Samba BDC and Samba member server) and Active Directory based domains 
(Windows 200x PDC.)


In general, a samba server will see trusted users in the output of 
wbinfo -u (courtesy of the  winbindd daemon.)   Samba should also 
allocate unix uid and gid numbers.   The nsswitch.conf file will 
include  passwd: winbind...  so that file permissions can be allocated 
at the underlying unix file system.  smb.conf would also have to include 
idmap settings for each trusted domain.



My guess is that your samba machine never knew about the trusted domain, 
and was just mapping TRUSTEDDOMAIN\user to a local user for file 
system access.   And since the pw's were the same, everything was OK.


If you type testparm -v, what is "map untrusted to domain" set to?

You may also want to change the file shares to be everyone and then 
rely on file permissions for the security.




Re: [Samba] Multiple domains issue

2011-01-31 Thread Ron García-Vidal
Sorry to nudge, but does anyone have any ideas of how to resolve this? 
During the migration period to our AD server, it's crucial that users on 
both the old and new domain see the Samba server.





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Multiple domains issue

2011-01-31 Thread Gaiseric Vandal
Did you reestablish the domain trusts between your NT domain and your AD 
domain?


Does wbinfo -u and wbinfo -g on your samba server show the users and 
groups from the trusted AD domain?
Does getent passwd and getent group on your samba server show the 
users and groups from the trusted AD domain?



Do your AD users still have accounts in the NT domain?  Are the 
passwords the same?  Maybe they can connect as NT\username instead 
(e.g. net use \\samba1\share1 /user:nt\username, which could probably be 
put in the login script) and skip domain trusts altogether, since this 
is a short-term solution.




Re: [Samba] Multiple domains issue

2011-01-31 Thread Ron García-Vidal

Thanks for your reply.

On 01/31/2011 05:22 PM, Gaiseric Vandal wrote:

Did you reestablish the domain trusts between your NT domain and your AD
domain?


No, but I never broke the trust, only removed and re-added the single 
machine into the old NT domain.  If I break and re-establish the trust 
relationship, I'm worried about what else might break in the process. 
Don't want to make a problem worse in the process of fixing it.




Does wbinfo -u and wbinfo -g on your samba server show the users and
groups from the trusted AD domain?
Does getent passwd and getent group on your samba server show the
users and groups from the trusted AD domain?


Both wbinfo and getent passwd only show the info from the NTDOMAIN.  My 
username is actually the same on both, but NTDOMAIN is the default 
domain on this box.  Should it have shown user and ADDOMAIN+user?  I 
don't remember the latter being in the output of getent passwd before 
making this change either though.


It should also be noted that in auth.log, it does show the user 
ADDOMAIN+user being granted access, and session opened, so PAM seems ok 
with these users, it's smbd that's balking.



Do your AD users still have accounts in the NT domain? Are the passwords
the same? Maybe they can connect as NT\username instead (e.g. net use
\\samba1\share1 /user:nt\username, which could probably be put in the
login script) and skip domain trusts altogether, since this is a
short-term solution.


This does work, but I guess I would like to better understand why this 
broke in the first place.  Thanks a lot.  I really appreciate your time.



-Ron







Re: [Samba] Multiple domains issue

2011-01-24 Thread Ron García-Vidal
Understood and agreed, but since we're migrating to the AD in a 
piecemeal fashion we must get this to work for users in both domains 
until the migration is complete.  Any suggestions?


-Ron



Re: [Samba] Multiple domains issue

2011-01-24 Thread Ron García-Vidal
Here's some more info.  This is an excerpt from the log on a connection 
attempt:


[2011/01/24 15:30:55, 1] smbd/service.c:make_connection_snum(950)
  CLIENT_STATION (X.X.X.46) connect to service USERNAME initially as user ADDOMAIN+USERNAME (uid=1, gid=1) (pid 18741)
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
  chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
  chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
  chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
  chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
  chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
  chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
  chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
  chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
  chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
  chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
  chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150)
  chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150)
  chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:57, 0] smbd/service.c:set_current_service(150)
  chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:59, 0] smbd/service.c:set_current_service(150)
  chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:59, 0] smbd/service.c:set_current_service(150)
  chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:31:05, 1] smbd/service.c:close_cnum(1150)
  CLIENT_STATION (X.X.X.46) closed connection to service USERNAME


As I said, prior to Friday's domain drop and rejoin, this worked 
properly.  I think there just needs to be a way to say 
ADDOMAIN+USERNAME=NTDOMAIN+USERNAME.


-Ron
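
An added example, not part of the original post or of Samba: a small Python parser for the smbd log format in the excerpt above. It rejoins mail-wrapped continuation lines, counts chdir failures under the preceding connect record, and lists failing sessions whose user domain is not among the domains winbind enumerates (as reported by wbinfo -u). The sample log, the function names and the assumption that this is a per-client log file (so a chdir failure belongs to the most recent open connection) are constructed for illustration.

```python
import re

# Constructed sample in the format of the excerpt above; the first connect
# record is wrapped across two lines the way the mail client wrapped it.
SAMPLE_LOG = """\
[2011/01/24 15:30:55, 1] smbd/service.c:make_connection_snum(950)
  CLIENT_STATION (X.X.X.46) connect to service USERNAME initially as
user ADDOMAIN+USERNAME (uid=1, gid=1) (pid 18741)
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
  chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:30:56, 0] smbd/service.c:set_current_service(150)
  chdir (/opt/ntpublic/users/USERNAME) failed
[2011/01/24 15:31:05, 1] smbd/service.c:close_cnum(1150)
  CLIENT_STATION (X.X.X.46) closed connection to service USERNAME
[2011/01/24 15:32:10, 1] smbd/service.c:make_connection_snum(950)
  OTHER_STATION (X.X.X.47) connect to service OTHERUSER initially as user OTHERUSER (uid=1001, gid=1001) (pid 18802)
[2011/01/24 15:32:40, 1] smbd/service.c:close_cnum(1150)
  OTHER_STATION (X.X.X.47) closed connection to service OTHERUSER
"""

# "[date time, level] file.c:function(line)"; optional microseconds tolerated.
HEADER = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)(?:\.\d+)?,\s*(\d+)\]\s+\S+:(\w+)\(\d+\)\s*$")
CONNECT = re.compile(
    r"(\S+) \((\S+)\) connect to service (\S+) initially as user "
    r"(\S+) \(uid=(\d+), gid=(\d+)\) \(pid (\d+)\)")
CHDIR = re.compile(r"chdir \((.+?)\) failed")


def parse_records(text):
    """Return [(timestamp, level, function, message)]. Every non-header line
    is appended to the current record, which also repairs re-wrapped lines."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append([m.group(1), int(m.group(2)), m.group(3), ""])
        elif records and line.strip():
            records[-1][3] = (records[-1][3] + " " + line.strip()).strip()
    return [tuple(r) for r in records]


def summarize_sessions(text, separator="+"):
    """One dict per connect record; separator is the winbind separator."""
    sessions, current = [], None
    for ts, _level, func, msg in parse_records(text):
        if func == "make_connection_snum":
            c = CONNECT.search(msg)
            if c:
                user = c.group(4)
                current = {
                    "time": ts, "client": c.group(1), "service": c.group(3),
                    "user": user,
                    "domain": user.split(separator, 1)[0] if separator in user else None,
                    "uid": int(c.group(5)), "gid": int(c.group(6)),
                    "pid": int(c.group(7)), "chdir_failures": 0, "paths": set(),
                }
                sessions.append(current)
        elif func == "set_current_service" and current is not None:
            f = CHDIR.search(msg)
            if f:
                current["chdir_failures"] += 1
                current["paths"].add(f.group(1))
        elif func == "close_cnum":
            current = None
    return sessions


def unmapped_domain_failures(sessions, enumerated_domains):
    """Sessions that authenticated but could not enter the share directory,
    for a user whose domain prefix is not in the enumerated set."""
    return [s for s in sessions
            if s["chdir_failures"] and s["domain"] is not None
            and s["domain"] not in enumerated_domains]


if __name__ == "__main__":
    for s in unmapped_domain_failures(summarize_sessions(SAMPLE_LOG), {"NTDOMAIN"}):
        print(s["time"], s["user"], "uid=%d gid=%d" % (s["uid"], s["gid"]),
              "chdir failures:", s["chdir_failures"], sorted(s["paths"]))
```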



[Samba] Multiple domains issue

2011-01-23 Thread Ron García-Vidal
I encountered a strange problem recently when changing the IP of my 
Samba server.  We are in the process of moving from an ancient NT4 
domain to an AD domain.  We did a full migration of all the users, and 
up until Friday, our AD users were able to access the Samba server 
(which is still on the NT domain) with full permissions, etc.


On Friday for reasons completely unrelated, we had to change the IP of 
the Samba server.  When we brought it up on the new IP, it gave an error 
bringing up the Samba daemons.  I was rushed and didn't pay too much 
attention to the error, but instead took the easy route of removing 
Samba from the NT domain, and re-joining.


That got the Samba daemons up and running and we mostly had no problem, 
except now the AD users aren't allowed to access their home directories.


The AD and NT domains have a mutual trust relationship, and all SSIDs 
for the users on both domains are the same.  As I said, prior to Friday, 
these users were able to access.


I'm not entirely sure how Samba handles multiple domains, etc. and I 
have no idea how to even begin to troubleshoot this problem.  Any 
suggestions would be welcome.


-Ron


Re: [Samba] Multiple domains issue

2011-01-23 Thread tms3





I encountered a strange problem recently when changing the IP of my
Samba server.  We are in the process of moving from an ancient NT4
domain to an AD domain.  We did a full migration of all the users, and
up until Friday, our AD users were able to access the Samba server
(which is still on the NT domain) with full permissions, etc.

On Friday for reasons completely unrelated, we had to change the IP of
the Samba server.  When we brought it up on the new IP, it gave an error
bringing up the Samba daemons.  I was rushed and didn't pay too much
attention to the error, but instead took the easy route of removing
Samba from the NT domain, and re-joining.

That got the Samba daemons up and running and we mostly had no problem,
except now the AD users aren't allowed to access their home directories.


Home directories in a trusted domain is probably a bad idea, and 
likely has some permission issues. It might be best to join the samba 
server to the AD domain instead.




The AD and NT domains have a mutual trust relationship, and all SSIDs
for the users on both domains are the same.  As I said, prior to Friday,
these users were able to access.

I'm not entirely sure how Samba handles multiple domains, etc. and I
have no idea how to even begin to troubleshoot this problem.  Any
suggestions would be welcome.

-Ron