Carl J. Hilinski
2003-Nov-24 03:35 UTC
[Samba] At 4 a.m. it finally worked...Samba 3, interdomain trust, ldap, winbind
I spent a solid two weeks trying to make a RH 9 with Samba 3 PDC operate the way I wanted it to in a domain that includes an NT 4.0 PDC. Early this morning, the NT user dogbreath belonging to the NT group mongrels was able to log into the NT PDC, map to the big_ugly_dogs share on the Samba machine, copy a file there, open it in OpenOffice 1.1.0, edit it, save it and then delete it. All of this was done because I finally got things configured correctly to make it all work.

Along the way, I read so much stuff at such odd hours. Without the help of others, this could never have been accomplished. A how-to by Carl Weiss was critical. So was the info from Ignacio Coupeau and the official Samba 3.0 documentation.

So now I have two PDCs (one NT4 and one Samba 3 on Linux) that trust each other. Therefore, a user in one domain has access to shares and resources in the other by virtue of that trust. And it's a single sign on because winbind knows the users and groups from each of the domains. The use of OpenLDAP will allow me to take the next step, which is adding a samba BDC to the network.

There is still a lot of testing to be done before I am comfortable enough to let "real users" onto the machines. There are things I still don't understand.

I did spend the time to write up documentation on how to do this (I shouldn't say I wrote it...I took a lot of bits and pieces from various sources and compiled it all into one document). If anyone is interested, check out the stuff at http://www.hilinski.net/samba . The documentation is there, along with the configuration files I used.
W. D.
2003-Nov-24 04:56 UTC
[Samba] At 4 a.m. it finally worked...Samba 3, interdomain trust, ldap, winbind
At 21:35 11/23/2003, Carl J. Hilinski, wrote:
>I did spend the time to write up documentation on how to do this (I
>shouldn't say I wrote it...I took a lot of bits and pieces from various
>sources and compiled it all into one document). If anyone is interested,
>check out the stuff at http://www.hilinski.net/samba . The documentation is
>there, along with the configuration files I used.

Hmmm. Seems to be looking for titus.hilinski.net, but can't find it???
Fermín Galán
2003-Nov-26 15:05 UTC
[Samba] At 4 a.m. it finally worked...Samba 3, interdomain trust, ldap, winbind
> I did spend the time to write up documentation on how to do this (I
> shouldn't say I wrote it...I took a lot of bits and pieces from various
> sources and compiled it all into one document). If anyone is interested,
> check out the stuff at http://www.hilinski.net/samba . The documentation
> is there, along with the configuration files I used.

I'm interested in that documentation, but the link does not seem to work... :(

------
Fermín
Fermín Galán
2003-Nov-26 17:34 UTC
[Samba] At 4 a.m. it finally worked...Samba 3, interdomain trust, ldap, winbind
Thanks very much for the help!

I have used a simplified variant of your procedure (no LDAP, no winbind) to establish the trust relationship between the two domains (a WinNT one and a Samba3 one), but I'm having problems when users of the Samba domain try to access shared resources of the WinNT domain (I set permission in the share for the users on the other domain, but when they try to access it, the connection fails). The mapping of Domain groups to UNIX groups in the Samba domain is made through net groupmap. Is it really necessary to use winbind?

The following error message appears in the logs. I think that it could be related to my problem, but I don't understand why, because I'm using net groupmap.

[2003/11/21 13:08:26, 0] rpc_server/srv_util.c:get_domain_user_groups(371)
  get_domain_user_groups: primary gid of user [testuser] is not a Domain group !
  get_domain_user_groups: You should fix it, NT doesn't like that

I tell you about this because I think that you may have faced similar problems in your experience.

Thanks again!

------
Fermín

-----Original Message-----
From: carl@hilinski.net [mailto:carl@hilinski.net]
Sent: Wednesday, November 26, 2003 15:51
To: Fermín Galán
Subject: RE: [Samba] At 4 a.m. it finally worked...Samba 3, interdomain trust, ldap, winbind

Add a slash to the end of the url. It should be: http://www.hilinski.net/samba/

I am having another person do an install (at this minute) from my instructions to double check the documentation. One thing I've found right off is that it is less complicated to install the samba 3.0 rpm than it is to compile it from source and have to change the paths and stuff.

Fermín Galán <fermin.galan@agora-2000.com> wrote ..
> > I did spend the time to write up documentation on how to do this (I
> > shouldn't say I wrote it...I took a lot of bits and pieces from various
> > sources and compiled it all into one document). If anyone is interested,
> > check out the stuff at http://www.hilinski.net/samba . The documentation
> > is there, along with the configuration files I used.
>
> I'm interested in that documentation, but the link does not seem to work...
> :(
>
> ------
> Fermín