Patrick Rynhart
2009-Nov-02 03:39 UTC
[Samba] Samba 3.4.2 Trusted Domain Logon gives: "Conflicting domain portions are not supported for NETLOGON calls"
Hi,

I'm specifically having a problem with idmap entries not being created in my LDAP backend for trusted domain logons - Local accounts appear to be fine.

I have installed the Sernet enterprise packages from:

ftp.sernet.de/pub/samba/experimental/rhel/5/i386

I'm preparing the server as follows:

1. smbpasswd -w '<password>'
2. net rpc trustdom establish SANDBOX (where SANDBOX is my trusted domain)
3. net idmap secret SANDBOX '...'
4. net idmap secret alloc '...'
5. Start winbind only (winbindd -D)
6. net sam provision
7. Start nmbd and smbd as daemons

Local accounts are fine and the trust appears healthy too:

# wbinfo -t
checking the trust secret via RPC calls succeeded

My smb.conf file is as follows:

[global]
workgroup = SEAT
server string = %h server (Samba %v)
wins support = no
wins server = 192.168.93.1
name resolve order = wins host bcast lmhosts
syslog = 0
debug hires timestamp = yes
log level = 100 tdb:100 idmap:100
log file = /var/log/samba/%m.log
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = ldapsam:ldap://127.0.0.1
ldapsam:trusted=yes
ldapsam:editposix=yes
ldap ssl = no
ldap admin dn = cn=admin,dc=seat,dc=massey,dc=ac,dc=nz
ldap delete dn = yes
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap suffix = dc=seat,dc=massey,dc=ac,dc=nz

winbind enum users = yes
winbind enum groups = yes
winbind uid = 10000-19999
winbind gid = 10000-19999

ldap ssl = no
idmap backend = ldap:ldap://127.0.0.1
ldap idmap suffix = ou=idmap

ldap password sync = yes

idmap alloc backend = ldap
idmap alloc config : ldap_url = ldap://127.0.0.1
idmap alloc config : ldap_base_dn = ou=idmap,dc=seat,dc=massey,dc=ac,dc=nz
idmap alloc config : ldap_user_dn = cn=admin,dc=seat,dc=massey,dc=ac,dc=nz
idmap config SANDBOX : backend = ldap
idmap config SANDBOX : range = 10000-19999
idmap config SANDBOX : ldap_url = ldap://127.0.0.1
idmap config SANDBOX : ldap_base_dn = ou=idmap,dc=seat,dc=massey,dc=ac,dc=nz
idmap config SANDBOX : ldap_user_dn = cn=admin,dc=seat,dc=massey,dc=ac,dc=nz
idmap config SANDBOX : ldap_alloc_url = ldap://127.0.0.1
idmap config SANDBOX : ldap_alloc_base_dn
ou=idmap,dc=seat,dc=massey,dc=ac,dc=nz

smb ports = 139
domain master = yes
domain logons = yes
deadtime = 60
load printers = yes
printing = cups
printcap name = cups

Any hints would be *greatly* appreciated

Regards,

Patrick
Patrick Rynhart
2009-Nov-02 04:13 UTC
[Samba] Samba 3.4.2 Trusted Domain Logon gives: "Conflicting domain portions are not supported for NETLOGON calls"
I was thinking that I could be missing some key libraries, perhaps I still am? I have tried the following:

install -m 0644 /root/samba-3.4.2/source3/bin/libtalloc.so.1 /lib
install -m 0644 /root/samba-3.4.2/source3/bin/libtdb.so.1 /lib
install -m 0644 /root/samba-3.4.2/source3/bin/libwbclient.so.0 /lib
install -m 0644 /root/samba-3.4.2/nsswitch/libnss_winbind.so /lib
install -m 0644 /root/samba-3.4.2/nsswitch/libnss_wins.so /lib
install -m 0644 /root/samba-3.4.2/nsswitch/libnss_wins.so /lib/libnss_winbind.so.2
install -m 0644 /root/samba-3.4.2/nsswitch/libnss_wins.so /lib/libnss_wins.so.2

Thanks!

Patrick

Patrick Rynhart wrote:
> Hi,
>
> I'm specifically having a problem with idmap entries not being created in
> my LDAP backend for trusted domain logons - Local accounts appear to be
> fine.
>
> I have installed the Sernet enterprise packages from:
>
> ftp.sernet.de/pub/samba/experimental/rhel/5/i386
>
> I'm preparing the server as follows:
>
> 1. smbpasswd -w '<password>'
> 2. net rpc trustdom establish SANDBOX (where SANDBOX is my trusted domain)
> 3. net idmap secret SANDBOX '...'
> 4. net idmap secret alloc '...'
> 5. Start winbind only (winbindd -D)
> 6. net sam provision
> 7. Start nmbd and smbd as daemons
>
> Local accounts are fine and the trust appears healthy too:
>
> # wbinfo -t
> checking the trust secret via RPC calls succeeded
>
> My smb.conf file is as follows:
>
> [global]
> workgroup = SEAT
> server string = %h server (Samba %v)
> wins support = no
> wins server = 192.168.93.1
> name resolve order = wins host bcast lmhosts
> syslog = 0
> debug hires timestamp = yes
> log level = 100 tdb:100 idmap:100
> log file = /var/log/samba/%m.log
> panic action = /usr/share/samba/panic-action %d
> security = user
> encrypt passwords = true
> passdb backend = ldapsam:ldap://127.0.0.1
> ldapsam:trusted=yes
> ldapsam:editposix=yes
> ldap ssl = no
> ldap admin dn = cn=admin,dc=seat,dc=massey,dc=ac,dc=nz
> ldap delete dn = yes
> ldap group suffix = ou=groups
> ldap machine suffix = ou=machines
> ldap user suffix = ou=users
> ldap suffix = dc=seat,dc=massey,dc=ac,dc=nz
>
> winbind enum users = yes
> winbind enum groups = yes
> winbind uid = 10000-19999
> winbind gid = 10000-19999
>
> ldap ssl = no
> idmap backend = ldap:ldap://127.0.0.1
> ldap idmap suffix = ou=idmap
>
> ldap password sync = yes
>
> idmap alloc backend = ldap
> idmap alloc config : ldap_url = ldap://127.0.0.1
> idmap alloc config : ldap_base_dn = ou=idmap,dc=seat,dc=massey,dc=ac,dc=nz
> idmap alloc config : ldap_user_dn = cn=admin,dc=seat,dc=massey,dc=ac,dc=nz
> idmap config SANDBOX : backend = ldap
> idmap config SANDBOX : range = 10000-19999
> idmap config SANDBOX : ldap_url = ldap://127.0.0.1
> idmap config SANDBOX : ldap_base_dn = ou=idmap,dc=seat,dc=massey,dc=ac,dc=nz
> idmap config SANDBOX : ldap_user_dn = cn=admin,dc=seat,dc=massey,dc=ac,dc=nz
> idmap config SANDBOX : ldap_alloc_url = ldap://127.0.0.1
> idmap config SANDBOX : ldap_alloc_base_dn
> ou=idmap,dc=seat,dc=massey,dc=ac,dc=nz
>
> smb ports = 139
> domain master = yes
> domain logons = yes
> deadtime = 60
> load printers = yes
> printing = cups
> printcap name = cups
>
> Any hints would be *greatly* appreciated
>
> Regards,
>
> Patrick
>