hi,

we have a PDC/BDC Samba v3 setup (DOMA) which trusts a foreign Samba v3 domain (DOMB).

we also installed winbindd on both DCs with idmapping in our network (DOMA) to authenticate users from DOMB. otherwise samba claims "User not found" or "Finding user xxx: No such User".

it works great on PDC but not on the BDC. winbind won't idmap users from DOMB on our BDC as PDC does.

winbind.log from BDC:
Added domain DOMA S-1-5-21-1042031166-381324594-2118846581
Added domain BUILTIN S-1-5-32

winbind.log from PDC:
Added domain DOMA S-1-5-21-1042031166-381324594-2118846581
Added domain BUILTIN S-1-5-32

*Added domain DOMB S-1-5-21-1046543266-381324594-9876846581*

net rpc trustdom lists the trusted domain (DOMB) on PDC *and* BDC after establishing the trust on PDC to PDC from DOMB.

should that work or is this setup not possible with samba?
in case PDC goes down BDC would only find POSIX information for its own domain and not for the trusted domain, which is bad.

any help is appreciated!

thx

--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany
Phone: 49 (0)341 - 3550 137

On Wed, 2005-12-07 at 16:45 +0100, Michael Gasch wrote:
> hi,
>
> we have a PDC/BDC Samba v3 setup (DOMA) which trusts a foreign Samba v3
> domain (DOMB).
>
> we also installed winbindd on both DCs with idmapping in our network
> (DOMA) to authenticate users from DOMB. otherwise samba claims "User not
> found" or "Finding user xxx: No such User".
>
> it works great on PDC but not on the BDC. winbind won't idmap users from
> DOMB on our BDC as PDC does.
>
> winbind.log from BDC:
> Added domain DOMA S-1-5-21-1042031166-381324594-2118846581
> Added domain BUILTIN S-1-5-32
>
>
> winbind.log from PDC:
> Added domain DOMA S-1-5-21-1042031166-381324594-2118846581
> Added domain BUILTIN S-1-5-32
>
> *Added domain DOMB S-1-5-21-1046543266-381324594-9876846581*
>
> net rpc trustdom lists the trusted domain (DOMB) on PDC *and* BDC after
> establishing the trust on PDC to PDC from DOMB.
>
> should that work or is this setup not possible with samba?
> in case PDC goes down BDC would only find POSIX information for its own
> domain and not for the trusted domain, which is bad.

Actually trust info is not replicated between DCs (e.g., the trust password is not replicated), so you should launch the trustdom command on each samba DC to let it be set in the secrets.tdb file of each DC.

Simo.

--
Simo Sorce - idra@samba.org
Samba Team - http://www.samba.org
Italian Site - http://samba.xsec.it

thank you very much simo!!

that fixed it

cheerz

Simo Sorce wrote:
> On Wed, 2005-12-07 at 16:45 +0100, Michael Gasch wrote:
>
>>hi,
>>
>>we have a PDC/BDC Samba v3 setup (DOMA) which trusts a foreign Samba v3
>>domain (DOMB).
>>
>>we also installed winbindd on both DCs with idmapping in our network
>>(DOMA) to authenticate users from DOMB. otherwise samba claims "User not
>>found" or "Finding user xxx: No such User".
>>
>>it works great on PDC but not on the BDC. winbind won't idmap users from
>>DOMB on our BDC as PDC does.
>>
>>winbind.log from BDC:
>>Added domain DOMA S-1-5-21-1042031166-381324594-2118846581
>>Added domain BUILTIN S-1-5-32
>>
>>
>>winbind.log from PDC:
>>Added domain DOMA S-1-5-21-1042031166-381324594-2118846581
>>Added domain BUILTIN S-1-5-32
>>
>> *Added domain DOMB S-1-5-21-1046543266-381324594-9876846581*
>>
>>net rpc trustdom lists the trusted domain (DOMB) on PDC *and* BDC after
>>establishing the trust on PDC to PDC from DOMB.
>>
>>should that work or is this setup not possible with samba?
>>in case PDC goes down BDC would only find POSIX information for its own
>>domain and not for the trusted domain, which is bad.
>
>
> Actually trust info is not replicated between DCs (e.g., the trust
> password is not replicated), so you should launch the trustdom command
> on each samba DC to let it be set in the secrets.tdb file of each DC.
>
> Simo.

--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany
Phone: 49 (0)341 - 3550 137
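
A check for the situation Simo's reply describes, as an added example that is not part of the original thread: it compares the "Added domain" lines of winbind.log from two DCs and reports domains that only the reference DC registered. The log line format is taken from the lines quoted in the thread; the function names and the sample file names are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the thread): find trusted domains that winbindd
# registered on one DC but not on another, from their winbind.log files.
# Assumed line format, as quoted in the thread: "Added domain NAME SID".

# Print "NAME SID" for each "Added domain" line in the log at $1.
added_domains() {
    sed -n 's/^.*Added domain \([^ ][^ ]*\) \(S-[0-9-][0-9-]*\).*$/\1 \2/p' "$1" |
        LC_ALL=C sort -u
}

# Print domains present in the reference DC log ($1) but absent from $2.
missing_on_dc() {
    ref=$(mktemp) && cur=$(mktemp) || return 2
    added_domains "$1" > "$ref"
    added_domains "$2" > "$cur"
    LC_ALL=C comm -23 "$ref" "$cur"
    rm -f "$ref" "$cur"
}

# Constructed sample logs built from the lines quoted in the thread.
write_samples() {
    cat > "$1/pdc.log" <<'EOF'
Added domain DOMA S-1-5-21-1042031166-381324594-2118846581
Added domain BUILTIN S-1-5-32
Added domain DOMB S-1-5-21-1046543266-381324594-9876846581
EOF
    cat > "$1/bdc.log" <<'EOF'
Added domain DOMA S-1-5-21-1042031166-381324594-2118846581
Added domain BUILTIN S-1-5-32
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
missing=$(missing_on_dc "$dir/pdc.log" "$dir/bdc.log")
if [ -n "$missing" ]; then
    # Trust secrets live in each DC's own secrets.tdb and are not replicated.
    echo "BDC is missing: $missing"
    echo "Run the trustdom command on that DC so its secrets.tdb holds the trust."
fi
rm -rf "$dir"
```

Run against the real logs of each DC, an empty result means both DCs registered the same set of domains.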