thr3ads.net - samba - Fwd: Re: [Samba] domain member WIN2003 AD

If this information is useful, please help other people find it:
Share via:

hans paul

2008-Feb-11 13:51 UTC

Fwd: Re: [Samba] domain member WIN2003 AD - Trusted Domain

> IMHO, for this to work you should define "idmap domains = DOMAINA 
> DOMAINB" and configure the idmap backend appropriately for both
domains
> using idmap config DOMAIN:backend/range/default etc...
> 
> For more details see "man idmap_tdb, man idmap_ldap and man
idmap_rid".
> 
> --Sadique
Hi Sadique,

thanks for your response. I test it but I don't get it right...
I only can connect from DOMAINA, not from DOMAINB. The DOMAINB is trusting from
DOMAINA.

Adapt my config:
--------------------------
[global]
# domain settings
workgroup = DOMAINA
realm = DOMAINA.DOM.NET
security = ads
client use spnego = Yes
password server = passwordserver.DOMAINA.DOM.NET
server string = %h server
dns proxy = no
encrypt passwords = true
invalid users = root
socket options = TCP_NODELAY

# idmap - Posix Nummernbereich fuer die Abbildung
idmap uid = 100000-150000
idmap gid = 100000-150000

idmap domains = DOMAINA DOMAINB
idmap config DOMAINA:default = yes
idmap config DOMAINA:backend = tdb
idmap config DOMAINA:range = 100000-150000

idmap config DOMAINB:default = no
idmap config DOMAINB:backend = tdb
idmap config DOMAINB:range = 100000-150000

idmap alloc backend = tdb
idmap alloc config:range = 100000-150000

# winbind settings
winbind separator = /
winbind use default domain = Yes
# Zeitintervall fuer die Zwischenspeicherung von Informationen
winbind cache time = 30
# Auflistung der Benutzer erlauben (z.B: getent passwd)
winbind enum users = No
# Auflistung der Gruppen erlauben (z.B: getent group)
winbind enum groups = No
# Gruppen in Gruppen unterstuetzen
winbind nested groups = Yes
# Kerberos Ticket automatisch verlaengern
winbind refresh tickets = Yes
# kein offline Betrieb
winbind offline logon = No

allow trusted domains = yes

#printing
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes

log level = 10

# shares
include = /etc/samba/shares.conf
--------------------------

Paul
-- 
GMX FreeMail: 1 GB Postfach, 5 E-Mail-Adressen, 10 Free SMS.
Alle Infos und kostenlose Anmeldung: http://www.gmx.net/de/go/freemail

-- 
GMX FreeMail: 1 GB Postfach, 5 E-Mail-Adressen, 10 Free SMS.
Alle Infos und kostenlose Anmeldung: http://www.gmx.net/de/go/freemail

Seemingly Similar Threads

Search for more apparently analagous threads

samba - Feb 2008 - Fwd: Re: domain member WIN2003 AD - Trusted Domain

Fwd: Re: [Samba] domain member WIN2003 AD - Trusted Domain

Seemingly Similar Threads

Wisdom of the Ancients