Hi all, we have the following problem: We are running two windows domains, which trust each other. We have several RHEL6-Servers, which act as samba servers with windows domain authentication. Domain A is configured as realm in smb.conf. As long as we run samba3, all users from domain A and domain B are able to be authenticated. "wbinfo -g" lists all windows groups from domain A and domain B as well. If we update to samba4, the groups and users of domain B are not shown any longer. The users of domain B cannot be authenticated. The problem ist reproducable: If I remove samba 4 and install samba 3 (same config), domain B is fully usable again. The problem also occurs on different servers in the same way. Could you give any advice, where the problem is resulting from and/or how to solve it? Many Thanks in advance. Kind Regards Josef Wölfle Sysadmin in Germany.
Hello Josef, Am 18.12.2016 um 15:39 schrieb Josef Wölfle via samba:> We are running two windows domains, which trust each other. > > We have several RHEL6-Servers, which act as samba servers with windows > domain authentication. > > Domain A is configured as realm in smb.conf. > > As long as we run samba3, all users from domain A and domain B are able > to be authenticated. "wbinfo -g" lists all windows groups from domain A > and domain B as well. > > If we update to samba4, the groups and users of domain B are not shown > any longer. The users of domain B cannot be authenticated.You are talking about samba3 and samba4. Can you please let us know the exact version numbers, because, for example, Samba 4.0.0 was released 4 years ago and 4.5.2 is less than two weeks old. And Samba 3 versions were shipped between 2003 and 2015. Detailed version information are really helpful, because a lot of things were changed and parameters may have new defaults meanwhile. You are talking about "windows domains", so I guess that you are running Windows DCs and your RHEL servers are just AD domain members. Please give us some more details about the environment and let us see your smb.conf file. I'm sure this helps a lot to find an answer. :-) Regards, Marc
Are both samba3 and samba4 provided as RPM's or did you have to compile
one version?
The wbinfo command from samba3 will not work with samba4 server.
Does "wbinfo -i DOMAINX\userx" show uidNumber being assigned?
I compiled Samba 4.5.1 on solaris 11. To join and AD domain I had to set
client ldap sasl wrapping = plain
ldap server require strong auth = no
Since samba4 was compiled in a separate directory I had to make sure
that "/usr/lib/nss_winbind.so.1" was symlinked to the Samba4
"../lib/nss_winbind.so.1" file for getent to work.
On 12/18/16 09:39, Josef Wölfle via samba wrote:> Hi all,
>
> we have the following problem:
>
> We are running two windows domains, which trust each other.
>
> We have several RHEL6-Servers, which act as samba servers with windows
> domain authentication.
>
> Domain A is configured as realm in smb.conf.
>
> As long as we run samba3, all users from domain A and domain B are
> able to be authenticated. "wbinfo -g" lists all windows groups
from
> domain A and domain B as well.
>
> If we update to samba4, the groups and users of domain B are not shown
> any longer. The users of domain B cannot be authenticated.
>
> The problem ist reproducable: If I remove samba 4 and install samba 3
> (same config), domain B is fully usable again.
>
> The problem also occurs on different servers in the same way.
>
> Could you give any advice, where the problem is resulting from and/or
> how to solve it?
>
> Many Thanks in advance.
>
> Kind Regards
>
> Josef Wölfle
>
> Sysadmin in Germany.
>
>