On Thu, Jul 27, 2006 at 04:57:39PM +0200, Mark Proehl
wrote:> Hi,
>
> is "idmap backend = ad" with "winbind nss info = sfu"
supposed to work
> with trusted domains?
>
> - Mark
my problem is this:
vm1:~ # wbinfo -S S-1-5-21-4038355506-4058439304-2375676978-500
100003
vm1:~ # wbinfo -S S-1-5-21-4038355506-4058439304-2375676978-500
100003
vm1:~ # wbinfo -S S-1-5-21-450098887-3131224273-1459421348-500
Could not convert sid S-1-5-21-450098887-3131224273-1459421348-500 to uid
both domains are w2k3r2 domains. Samba is 3.0.23a. I suspect that
winbind does not follow the ldap referral from it's own dc to the dc
of the trusted domain.
Or is there a problem with my setup:
[global]
workgroup = W2K3
realm = EXAMPLE.COM
security = ADS
use kerberos keytab = Yes
log level = 10
panic action = sleep 10000
idmap backend = ad
idmap uid = 10000-1000000
idmap gid = 10000-1000000
winbind cache time = 10
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = sfu