s.schlegel at eos-it-services.com
2011-Feb-14 11:17 UTC
[Samba] getting winbind to work for authenticating 2 different domains - trusted
Hello guys,

I got a few questions about winbind / samba and multi domain authentication.

At my company we have two different domains: DOMAIN-A and DOMAIN-B.

My smb.conf is attached (global section only).

My linux server (rhel 5.4 x64) is configured with the security mode "ads" and has been joined to DOMAIN-A via "net ads join DOMAIN-A -U administrator".

I can see the users and groups for DOMAIN-A and DOMAIN-B (with wbinfo -u / wbinfo -g), even with "getent passwd" and "getent group".

If I initiate the following command, only the lookup of users for DOMAIN-A is successful; users for DOMAIN-B always fail:

    id DOMAIN-A+schlegels -> successful
    id DOMAIN-B+schlegels -> No such user

Can you please help me with this issue? I spent more than a week reading documentation about that, but I can't figure out the problem.

Samba-Version (also required packages): 3.4.9

smb.conf (global section):

    [global]
    workgroup = DOMAIN-A
    realm = DOMAIN-A.LCL
    password server = dchh01.domain-a.lcl
    preferred master = no
    server string = Linux Test Server
    security = ads
    encrypt passwords = yes
    local master = no
    log level = 3
    log file = /var/log/samba/%m
    max log size = 50
    winbind enum users = Yes
    winbind enum groups = Yes
    ##winbind use default domain = Yes
    winbind nested groups = Yes
    #winbind separator = \\
    winbind separator = +
    winbind refresh tickets = yes
    #winbind offline logon = false
    winbind offline logon = true
    winbind trusted domains only = no
    map untrusted to domain = Yes
    allow trusted domains = yes
    #obey pam restrictions = yes
    obey pam restrictions = no
    idmap uid = 1000-60000
    idmap gid = 1000-60000
    idmap config DOMAIN-A : backend = rid
    idmap config DOMAIN-A : range = 1000-30000
    idmap config DOMAIN-B : backend = rid
    idmap config DOMAIN-B : range = 31000-60000
    passdb backend = tdbsam
    ;template primary group = "domain users"
    template shell = /bin/bash
    winbind nss info = rfc2307
    client use spnego = yes
    client ntlmv2 auth = yes
    restrict anonymous = 2

Thanks in advance!
With best regards
Steven Schlegel | EO-IT-NW
Steven Schlegel
2011-Feb-21 15:48 UTC
[Samba] getting winbind to work for authenticating 2 different domains - trusted
Hello guys,

I got a few questions about winbind / samba and multi domain authentication.

At my company we have two different domains: DOMAIN-A and DOMAIN-B.

My smb.conf is attached (global section only).

My linux server (rhel 5.4 x64) is configured with the security mode "ads" and has been joined to DOMAIN-A via "net ads join DOMAIN-A -U administrator".

I can see the users and groups for DOMAIN-A and DOMAIN-B (with wbinfo -u / wbinfo -g), even with "getent passwd" and "getent group".

If I initiate the following command, only the lookup of users for DOMAIN-A is successful; users for DOMAIN-B always fail:

    id DOMAIN-A+schlegels -> successful
    id DOMAIN-B+schlegels -> No such user

Can you please help me with this issue? I spent more than a week reading documentation about that, but I can't figure out the problem.

Samba-Version (also required packages): 3.4.9

smb.conf (global section):

    [global]
    workgroup = DOMAIN-A
    realm = DOMAIN-A.LCL
    password server = dchh01.domain-a.lcl
    preferred master = no
    server string = Linux Test Server
    security = ads
    encrypt passwords = yes
    local master = no
    log level = 3
    log file = /var/log/samba/%m
    max log size = 50
    winbind enum users = Yes
    winbind enum groups = Yes
    ##winbind use default domain = Yes
    winbind nested groups = Yes
    #winbind separator = \\
    winbind separator = +
    winbind refresh tickets = yes
    #winbind offline logon = false
    winbind offline logon = true
    winbind trusted domains only = no
    map untrusted to domain = Yes
    allow trusted domains = yes
    #obey pam restrictions = yes
    obey pam restrictions = no
    idmap uid = 1000-60000
    idmap gid = 1000-60000
    idmap config DOMAIN-A : backend = rid
    idmap config DOMAIN-A : range = 1000-30000
    idmap config DOMAIN-B : backend = rid
    idmap config DOMAIN-B : range = 31000-60000
    passdb backend = tdbsam
    ;template primary group = "domain users"
    template shell = /bin/bash
    winbind nss info = rfc2307
    client use spnego = yes
    client ntlmv2 auth = yes
    restrict anonymous = 2

Thanks in advance!
With best regards Steven Schlegel