Some time back I upgraded a domain controller (Solaris 10) from samba
3.0.x to 3.4.5
In order to support interdomain trusts I am using winbind and idmap
allocation with a samba backend. Since the upgrade it appears that
samba is no allocating uid and gid's for trusted domain.
my smb.conf looks something like:
----------------------------------------------------------------------------------------------------------------------------
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = no
winbind trusted domains only = no
# The "idmap domains" has been deprecated in 3.4
# idmap domains = DOMAIN_A DOMAIN_B DOMAIN_C
# Next two lines restored in 3.4 - but prob don't need
idmap uid = 30000-59999
idmap gid = 30000-59999
idmap config DOMAIN_A:backend = ldap
idmap config DOMAIN_A:readonly = no
idmap config DOMAIN_A:default=no
idmap config DOMAIN_A:ldap_base_dn = ou=domain_a,ou=idmap,o=mydomain.com
idmap config DOMAIN_A:ldap_user_dn = cn=Directory Manager
idmap config DOMAIN_A:ldap_url = ldap://ldap1.domain.com
idmap config DOMAIN_A:range = 30000-39999
idmap config DOMAIN_B:backend = ldap
idmap config DOMAIN_B:readonly = no
idmap config DOMAIN_B:default=no
idmap config DOMAIN_B:ldap_base_dn = ou=domain_b,ou=idmap,o=mydomain.com
idmap config DOMAIN_B:ldap_user_dn = cn=Directory Manager
idmap config DOMAIN_B:ldap_url = lldap://ldap1.domain.com
idmap config DOMAIN_B:range = 40000-45999
....
----------------------------------------------------------------------------------------------------------------------------
Domain_A (Windows 2003 AD in Mixed mode) has entries from prior to the
upgrade and hasn't had new accounts added recently. Domain_B (Windows
2008 in Windows 2003 mode) is a new addition. No idmap entries ever
populated. They should have populated after I ran "wbinfo -u" and
"getent passwd" on the samba PDC.
Any ideas?
Thanks
