Sergent, Jean-Paul
2011-Jul-21 08:53 UTC
[Samba] AD integration and idmap_adex not translating sid-to-uid domain trusts
Hi Guys,

I'm setting up a new file server in our domain environment and I'm having problems with the adex configuration/module. I have a couple of working file servers using rfc2307/idmap_ad and they are working perfectly. What attracted me to the idmap_adex module is the domain trust/forest authentication support.

I have 2 domains not in the same forest with a 1-way trust setup. The server in question is joined to the domain that is trusted by the "outside" domain.

Here are pastebins of my cleaned configs:

krb5.conf <http://pastebin.com/VgV3s8zG>
smb.conf <http://pastebin.com/m84qzhwq>

wbinfo -u
This command lists all the users of both domains

wbinfo -g
works same as -u

wbinfo -i "username"
Could not get info for user

winbindd.log will output "Could not convert sid NT_STATUS_INVALID_PARAMETER"

"getent passwd" doesn't work either

I'm at a loss, I've tried many different config options and nothing really changes. My nsswitch is set up "files winbind" for passwd and group. I have used "kinit" and "net ads join" successfully. The thing that stumps me is idmap_ad works perfectly but just doesn't support domain trusts.

Does anybody have rfc2307 schema in AD and Samba working with multiple domains?

Thanks for your help.

-JP