Setup:
Hundreds of Linux hosts authenticating Domain1(Windows 2003 R2.) using
Samba 3.2.7 RID backend.
Domain1 (W2k3) Trusts Domain2(W2k3) , so users of Domian2 can login to
Linux Hosts.
Now we have added Domain3(W2k3) and configured the Domain1(Primary
Domain) to trust users of Domain3(W2k3) .
So Domain1 is the primary domain and trusts Domain2 and Domain3.
Issue:
The issue is samba can see only one Trusted Domain, either it can see
the users of Domain2 or Domain3 at any point of time. Is my
configuration wrong or is it a bug on samba? Any help is appreciated.
testparm output:
[global]
workgroup = DOMAIN1
realm = DOMAIN1.COM
server string = Samba
security = ADS
obey pam restrictions = Yes
client NTLMv2 auth = Yes
log level = 100
log file = /var/log/winbind
local master = No
dns proxy = No
panic action = /usr/share/samba/panic-action %d
idmap domains = default, DOMAIN1, DOMAIN2, DOMAIN3
idmap uid = 1000 - 199999
idmap gid = 1000 - 199999
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind refresh tickets = Yes
winbind offline logon = Yes
idmap config DOMAIN1:range = 200000 - 299999
idmap config DOMAIN1:backend = rid
idmap config DOMAIN2:range = 100000 - 199999
idmap config DOMAIN2:backend = rid
idmap config DOMAIN3:range = 200000 - 299999
idmap config DOMAIN3:backend = rid
idmap config default:default = Yes
~LA
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Linux Addict wrote:> winbind offline logon = Yes > idmap config DOMAIN1:range = 200000 - 299999 > idmap config DOMAIN1:backend = rid > idmap config DOMAIN2:range = 100000 - 199999 > idmap config DOMAIN2:backend = rid > idmap config DOMAIN3:range = 200000 - 299999 > idmap config DOMAIN3:backend = rid > idmap config default:default = YesWhy is DOMAIN1 and DOMAIN3 using the same range? cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJfgiCIR7qMdg1EfYRArBAAKDUv8hmDTuSwGe3yDcUbDLOKlZ2WACfXbRO khr4btSOJQMCOQ1dX9GcnSw=3cp+ -----END PGP SIGNATURE-----
Gerald (Jerry) Carter wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Linux Addict wrote: > >> winbind offline logon = Yes >> idmap config DOMAIN1:range = 200000 - 299999 >> idmap config DOMAIN1:backend = rid >> idmap config DOMAIN2:range = 100000 - 199999 >> idmap config DOMAIN2:backend = rid >> idmap config DOMAIN3:range = 200000 - 299999 >> idmap config DOMAIN3:backend = rid >> idmap config default:default = Yes >> > > Why is DOMAIN1 and DOMAIN3 using the same range? > > > > > > cheers, jerry > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFJfgiCIR7qMdg1EfYRArBAAKDUv8hmDTuSwGe3yDcUbDLOKlZ2WACfXbRO > khr4btSOJQMCOQ1dX9GcnSw> =3cp+ > -----END PGP SIGNATURE----- > >Sorry. That must be a typo. They use different ranges for sure.