Setup:
Hundreds of Linux hosts authenticating against Domain1 (Windows 2003 R2) using Samba 3.2.7 with the RID backend. Domain1 (W2k3) trusts Domain2 (W2k3), so users of Domain2 can log in to the Linux hosts. Now we have added Domain3 (W2k3) and configured Domain1 (the primary domain) to trust users of Domain3 (W2k3). So Domain1 is the primary domain and trusts Domain2 and Domain3.

Issue:
The issue is that Samba can see only one trusted domain: it can see the users of either Domain2 or Domain3 at any point in time. Is my configuration wrong, or is it a bug in Samba? Any help is appreciated.

testparm output:

[global]
    workgroup = DOMAIN1
    realm = DOMAIN1.COM
    server string = Samba
    security = ADS
    obey pam restrictions = Yes
    client NTLMv2 auth = Yes
    log level = 100
    log file = /var/log/winbind
    local master = No
    dns proxy = No
    panic action = /usr/share/samba/panic-action %d
    idmap domains = default, DOMAIN1, DOMAIN2, DOMAIN3
    idmap uid = 1000 - 199999
    idmap gid = 1000 - 199999
    template shell = /bin/bash
    winbind separator = +
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind refresh tickets = Yes
    winbind offline logon = Yes
    idmap config DOMAIN1:range = 200000 - 299999
    idmap config DOMAIN1:backend = rid
    idmap config DOMAIN2:range = 100000 - 199999
    idmap config DOMAIN2:backend = rid
    idmap config DOMAIN3:range = 200000 - 299999
    idmap config DOMAIN3:backend = rid
    idmap config default:default = Yes

~LA

Linux Addict wrote:
> winbind offline logon = Yes
> idmap config DOMAIN1:range = 200000 - 299999
> idmap config DOMAIN1:backend = rid
> idmap config DOMAIN2:range = 100000 - 199999
> idmap config DOMAIN2:backend = rid
> idmap config DOMAIN3:range = 200000 - 299999
> idmap config DOMAIN3:backend = rid
> idmap config default:default = Yes

Why is DOMAIN1 and DOMAIN3 using the same range?

cheers, jerry

Gerald (Jerry) Carter wrote:
> Linux Addict wrote:
>
>> winbind offline logon = Yes
>> idmap config DOMAIN1:range = 200000 - 299999
>> idmap config DOMAIN1:backend = rid
>> idmap config DOMAIN2:range = 100000 - 199999
>> idmap config DOMAIN2:backend = rid
>> idmap config DOMAIN3:range = 200000 - 299999
>> idmap config DOMAIN3:backend = rid
>> idmap config default:default = Yes
>
> Why is DOMAIN1 and DOMAIN3 using the same range?
>
> cheers, jerry

Sorry. That must be a typo. They use different ranges for sure.
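
The range question raised in this thread can be checked mechanically. The following is an added example, not part of the original messages or of Samba itself: it parses the idmap lines from the posted testparm output and reports every pair of ID ranges that intersect. The function names are hypothetical, and reporting an intersection with the global idmap uid/gid range is an assumption about what an administrator would want flagged.

```python
import re
from itertools import combinations

# idmap lines copied from the testparm output posted in this thread
POSTED_CONFIG = """\
idmap uid = 1000 - 199999
idmap gid = 1000 - 199999
idmap config DOMAIN1:range = 200000 - 299999
idmap config DOMAIN1:backend = rid
idmap config DOMAIN2:range = 100000 - 199999
idmap config DOMAIN3:range = 200000 - 299999
"""

RANGE_RE = re.compile(
    r"^\s*idmap\s+(?:config\s+(?P<dom>[^:\s]+)\s*:\s*range|(?P<kind>uid|gid))"
    r"\s*=\s*(?P<lo>\d+)\s*-\s*(?P<hi>\d+)\s*$", re.IGNORECASE)


def parse_ranges(text):
    """Return {label: (low, high)} for every idmap range in smb.conf text."""
    ranges = {}
    for line in text.splitlines():
        m = RANGE_RE.match(line)
        if not m:
            continue  # backend lines and unrelated settings are skipped
        label = m.group("dom") or "default " + m.group("kind").lower()
        lo, hi = int(m.group("lo")), int(m.group("hi"))
        if lo > hi:
            raise ValueError(f"inverted range for {label}: {lo} - {hi}")
        ranges[label] = (lo, hi)
    return ranges


def find_overlaps(ranges):
    """Return sorted (label_a, label_b, low, high) for each overlapping pair."""
    hits = []
    for (a, (alo, ahi)), (b, (blo, bhi)) in combinations(sorted(ranges.items()), 2):
        # Assumption: global uid and gid ranges are separate ID spaces, so
        # "default uid" vs "default gid" is not reported as a conflict.
        if a.startswith("default ") and b.startswith("default "):
            continue
        lo, hi = max(alo, blo), min(ahi, bhi)
        if lo <= hi:
            hits.append((a, b, lo, hi))
    return hits


if __name__ == "__main__":
    for a, b, lo, hi in find_overlaps(parse_ranges(POSTED_CONFIG)):
        print(f"OVERLAP {a} / {b}: {lo} - {hi}")
```

With the rid backend a Unix ID is derived from the RID plus the low end of the domain's range, so two domains sharing a range can map different SIDs to the same UID or GID.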