wp1101412-josef
2016-Dec-19 14:16 UTC
[Samba] Samba] Samba4 problem with Wndows Domain Trust
Hi Gaiseric, both packages have been provided as RPM and installed by yum. We didn´t have to compile. "wbinfo -i" shows the correct uidnumber for users of DOMAIN_A, but nothing for users auf the trusted Domain DOMAIN_B. We have another server running Centos 6 and Samba 4.4.4. It shows the same problem: Only users and groups of DOMAIN_A are available. The settings: ldap server require strong auth = no => this makes no change. client ldap sasl wrapping = plain => If I set this, "wbinfo -g" lasts very much longer and doesn´t deliver anything at all any longer. Kind regards Josef
Gaiseric Vandal
2016-Dec-19 14:44 UTC
[Samba] Samba] Samba4 problem with Wndows Domain Trust
Which idmap backend are you using? One thing to try is setting the idmap backend for the trusted domains to TDB (local database file) This is not a great long term solution since you will not have consistent mappings between domains. However it may help determine if the issue is with winbind and idmap in general or with the specific idmap backend (e.g. rid, ad, ldap.) Are the domain controllers running Samba or Windows ? On 12/19/16 09:16, wp1101412-josef via samba wrote:> > > Hi Gaiseric, > > both packages have been provided as RPM and installed by yum. We didn´t have to > compile. > > > > "wbinfo -i" shows the correct uidnumber for users of DOMAIN_A, but nothing for > users auf the trusted Domain DOMAIN_B. > > > > We have another server running Centos 6 and Samba 4.4.4. It shows the same > problem: Only users and groups of DOMAIN_A are available. > > > > The settings: > > ldap server require strong auth = no => this makes no change. > > client ldap sasl wrapping = plain => If I set this, "wbinfo -g" lasts very > much longer and doesn´t deliver anything at all any longer. > > > > Kind regards > > Josef
How would I set the idmap backend to TDB ? Both domain controlers are running Windows 2008 Server. Am 19.12.2016 um 15:44 schrieb Gaiseric Vandal:> Which idmap backend are you using? > > One thing to try is setting the idmap backend for the trusted domains > to TDB (local database file) This is not a great long term solution > since you will not have consistent mappings between domains. However > it may help determine if the issue is with winbind and idmap in > general or with the specific idmap backend (e.g. rid, ad, ldap.) > > > > Are the domain controllers running Samba or Windows ? > > > On 12/19/16 09:16, wp1101412-josef via samba wrote: >> >> Hi Gaiseric, >> >> both packages have been provided as RPM and installed by yum. We >> didn´t have to >> compile. >> >> >> "wbinfo -i" shows the correct uidnumber for users of DOMAIN_A, but >> nothing for >> users auf the trusted Domain DOMAIN_B. >> >> >> We have another server running Centos 6 and Samba 4.4.4. It shows the >> same >> problem: Only users and groups of DOMAIN_A are available. >> >> >> The settings: >> >> ldap server require strong auth = no => this makes no change. >> >> client ldap sasl wrapping = plain => If I set this, "wbinfo -g" >> lasts very >> much longer and doesn´t deliver anything at all any longer. >> >> >> Kind regards >> >> Josef > > > >