Does Samba has a problem working with trusted domains ? I have two trusted domains and a Samba server 2.2.2 configured with winbind running on RH 7.0, after working for a week its now only showing me the remote domain groups and not the local domain groups. The remote domain is called Sxxx and the local one Txxxx, does samba consider an alphabetical order or somethig like that when working with trusted domains. I've been trying to configure Samba to work only with my local domain but the swtich "allow trusted domains = no" seems not to be working. Thanks in advance Walter Prentice Network Administrator Triversity Inc.
On Tue, Dec 18, 2001 at 02:43:29PM -0500, Walter_Prentice/Trimax@trimax.com wrote:> Does Samba has a problem working with trusted domains ? > > I have two trusted domains and a Samba server 2.2.2 configured with winbind > running on RH 7.0, after working for a week its now only showing me the > remote domain groups and not the local domain groups.So when you run 'getent passwd' or 'getent group' it only returns users and groups from the trusted domain and not the domain the Samba server is a member of? What happens if you run 'wbinfo -g' or 'wbinfo -u'?> The remote domain is called Sxxx and the local one Txxxx, does samba > consider an alphabetical order or somethig like that when working with > trusted domains.It's in whatever order the PDC returns the trusted domains when asked to list them.> I've been trying to configure Samba to work only with my local domain but > the swtich "allow trusted domains = no" seems not to be working.I don't think this parameter is referred to in winbind. That sounds like a bug. Tim.
If I run wbinfo -g it only returns groups from the remote domain, if I run wbinfo -u returns the remote domain users twice the first time using Sxxx\username and next all the names again now showing Txxx\username. I have just finished reinstalling the whole server again and this time using cvs code plus the latest winbindd_group.c : Revision 1.3.4.17 Dec 18 that says has a fix for enumerating users and groups when there are trusted domains that are down but still get the same problems. This server was supose to be on producction last week and it was working for a week I really don't know what is going wrong, is it a winbind bug ? If I remove the route for the remote network I always get the "Error looking up domain group" every time I run wbinfo -g or -u If I run wbinfo -t returns Secret is good. Tim Potter <tpot@samba.org>@lists.samba.org on 12/19/2001 06:48:03 PM Sent by: samba-admin@lists.samba.org To: Walter_Prentice/Trimax@trimax.com cc: samba@lists.samba.org Subject: Re: Winbind and trusted domains On Tue, Dec 18, 2001 at 02:43:29PM -0500, Walter_Prentice/Trimax@trimax.com wrote:> Does Samba has a problem working with trusted domains ? > > I have two trusted domains and a Samba server 2.2.2 configured withwinbind> running on RH 7.0, after working for a week its now only showing me the > remote domain groups and not the local domain groups.So when you run 'getent passwd' or 'getent group' it only returns users and groups from the trusted domain and not the domain the Samba server is a member of? What happens if you run 'wbinfo -g' or 'wbinfo -u'?> The remote domain is called Sxxx and the local one Txxxx, does samba > consider an alphabetical order or somethig like that when working with > trusted domains.It's in whatever order the PDC returns the trusted domains when asked to list them.> I've been trying to configure Samba to work only with my local domain but > the swtich "allow trusted domains = no" seems not to be working.I don't think this parameter is referred to in winbind. That sounds like a bug. Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Oh man you should be called Harry instead of Tim, your a wizard man, Restrict Anonymous registry key was all my problem, old Netw. admin, had set security issues on two of the domain controllers, actually one of them was the PDC, the one I chose to validate accounts. Samba and Winbind are working fine now, we'll began testing in IT this morning. CVS code seem to be working pretty well on RH 7.0, so I'll keep working with these version till you leverage 2.2.3 Thanks a lot !!!! I have a question: Is there any file I could backup that keeps the mappings between Domain user and groups names and uid and gid used by Linux ? So in case I lost the connection to the Domain and have to set it up again (maybe reinstall samba and winbind), I don't to need to setup all the security again if those mappings change. Thank you in advance. Merry Christmas and Happy New Year !!!! Tim Potter <tpot@samba.org>@lists.samba.org on 12/19/2001 11:07:53 PM Sent by: samba-admin@lists.samba.org To: Walter_Prentice/Trimax@trimax.com cc: samba@lists.samba.org Subject: Re: Winbind and trusted domains On Wed, Dec 19, 2001 at 09:29:08PM -0500, Walter_Prentice/Trimax@trimax.com wrote:> If I run wbinfo -g it only returns groups from the remote domain, if Irun> wbinfo -u returns the remote domain users twice the first time using > Sxxx\username and next all the names again now showing Txxx\username.Oh wow that's pretty freaky. Can you run winbindd at debug level 10 and mail me the output (private mail is probably best). So just start up winbindd, run wbinfo -u twice, then kill off winbindd. This should generate the minimum amount of log information required to analyse the problem. Please, could you run it with "debug timestamp = false" as well.> This server was supose to be on producction last week and it was working > for a week I really don't know what is going wrong, is it a winbind bug ?Have you done anything like change the security settings on the PDC? There is a RestrictAnonymous registry key you can set to restrict the amount of information available to anonymouse users. In win2k there are some security settings that can mess up winbindd as well. Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Hello, I have set up the NT authentication using the Winbind daemon. It does authenticate the users in the domain set in the smb.conf file - WORKGROUP variable, but does NOT authenticate the users from other trusted domain, while domain trusts are defined correctly. - I tried to export WINBINDD_DOMAIN variable, but with no effect. - getent passwd/group command returns only "WORKGROUP variable" domain members Thaks for help! Ondrej Foukal
I have a samba server on mandrake running the newest version of samba. Users are in domain a and the computer accounts are in domain b. The samba server is in domain b but I would like for the samba server in b to look at the user list in domain a which has a trust relationship already set up in NT. The same way windows does it now. I setup winbind and samba. I put allow trusted domains = yes and all the other entries needed. I would also like for the local logon of Unix to use the samba authentication as well. Any help would be appreciated.