search for: domb

Hi everyone, I have two domains with a two way trust (DomA and DomB). When users from DomA (on a DomB Linux PC) access sysvol on DomB's DC using smbclient everything works: # smbclient //DomB /sysvol -Udoma\\user -c 'ls' -k . D 0 Thu Jan 9 13:53:03 2020 .. D 0 Thu...

Hi, Between Samba 3.4.15 and 3.5.11 there was a change in how 'wbinfo -r' gathers the groups of which a given user is member of. Assume there is a Windows 2003 domain called DOMA. This domain has a child domain DOMB. On DOMA there is a security group G-DL-DOMA which has domain local scope. On DOMB there is a security group G-U-DOMB which has universal scope. Group G-U-DOMB is member of group G-DL-DOMA. Due to the domain local scope of G-DL-DOMA, this membership is only known to DOMA. Group G-U-DOMB has a u...

If I create directory on the DomB DC named /test and create the following share: [test] path = /test read only = No acl_xattr:ignore system acls = yes DomA users can access that through Windows on DomB without issue, but if I set [sysvol] to "path - /test they cannot". There appears to be some s...

...a different domain get access. This worked fine on my samba3 member server, but I don't remember if I did anything special. I do have authentication set on the AD object for the users in question and we have a one-way trust with the other domain. All DCs are Windows servers. DOMA = my domain DOMB = other domain wbinfo -m lists both domains, among others wbinfo --online-status shows DOMA as online, DOMB as offline wbinfo -D DOMA works and shows everything as "Yes". wbinfo -D DOMB works, but shows everything as "No", including the "Active Directory" field. My...

...allow trusted domains = no winbind cache time = 60 template shell = /bin/bash template homedir = /data/users/%U ##################################### but it?s not working with ##################################### # WINBIND - Settings idmap backend = idmap_rid:DOMA=10000-20000,DOMB=20001-50000 idmap uid = 10000-50000 idmap gid = 10000-50000 allow trusted domains = yes winbind use default domain = no winbind enum users = no winbind enum groups = no winbind trusted domains only = no allow trusted domains = no winbind cache time = 60 temp...

...elationship appears to be working correctly. I can log on onto PC's at either end on either Domain :) and the browse lists of both domains are syncronising properly. I am using the same WINS server for both domains and this is located in DomA on the Primary Domain Controller. I want users on DomB to be able to access shares on Domain Member servers on DomA. Winbind is running on my fileservers and i am using ldap as an idmap backend. Users from DomA are mapped on my Domain member server using ldap and DomB users are mapped using winbind. I have the following entry in my nsswitch.conf f...

Hi All, Wonder is someone can help? We have mixed windows & Linux boxes in DomA network. Afaik all DomA clients are blocked and direct connection to DomB are not possible by design & for security. DomA DC(Windows) -- trust --> DomB DC(Windows) ^ | DomA Linux Client(DALC) winbind Samba 3.0.33 For some reason DomA Linux Client attempts ldap connection to all DomB DC once in 5 to 10 minutes. When that happens it halts application & comman...

Hi, I have two Windows Domains, DOMA and DOMB. A Samba 3.6 Server is a member server in DOMA. DOMA has a (unidirectional) trust relationship to DOMB. Users from DOMB should be able to connect and authenticate at the Samba server. The domain controller of DOMB has the IP 10.35.5.25. During authentication of a DOMB user at a share I get the fo...

The company I work for is split across two sites, each site has its own domain. The local end is a Samba server (DomA) with about 50 users, the remote end is NT4(DomB) with about 150 active users (400+ usernames in userlist). The two sites are connected over a VPN (Internally DomA=172.16.1.0/24, DomB=10.1.0.0/16) and the two domains trust each other. Users from either site regularly visit, and work from, the other site. When a DomA user logs in from either s...

I'm currently building a Samba3-based domain (DomA) that has a trust relationship with an existing production NT4 domain (DomB). DomA uses an LDAP backend. The LDAP server is local on the PDC and is dedicated to such use. DomA runs Samba 3.5.6 on Debian 6.0. DomB is an old-timer: NT4 domain that's running for ages. The trust relationship has been established: DomA trusts DomB. Clients (Windows XP workstations) can...

Hello all. I've set up a testing environment with two Windows DCs. The first, called DCA, is serving the domain DOMA and is running Windows 2003. The second is called DCB and serves DOMB on Windows 2008. The Samba machine I'm setting up (named ULYSSES) should be able to authenticate users from both domains for shell login. I've installed Samba 3.2.3 as a Debian package and closely followed the fine Howto by Michael Battista (http://www.ccs.neu.edu/home/battista/documentati...

...able to migrate users, groups, and computers at my leisure from one domain to another. So, I've also successfully configured the trust relationship (I think). I go to a Windows machine that is a member of my original domain (DOMA) and I can log in with a user on either DOMA or my new domain (DOMB). I can also modify file shares on these computers and give users on either domain access to my files, etc. I have a multi-subnet environment, so my Windows NT4 machines are running WINS to make sure that all computers in the domain can find a logon server. I've configured my new Samba serve...

...hours. At samba/winbindd startup I have the uid/gid allocated starting at the beginning of the range in "idmap alloc config:range" directive. Also, I may have trouble with my configuration, because the trusted domain uid/gid are not allocated in the range given by the "idmap config DOMB:range" directive, and at startup, I get the gids allocated to BUILTIN groups overlapping the gids allocated to the trusted domain. Here is the relevant section of my smb.conf : idmap domains = DOMB idmap backend = idmap alloc backend = tdb idmap cache time = 9...

Hallo. I have problem configuring winbind to authenticate against Active Directory (Windows Server 2003 R2 in native mode). Our net topology seems as follows: - We have PDCs for domain DOMA (i.e.) - there are user accounts for all people on our university. - We have PDC for domain DOMB (DC for our department) that holds computer accounts. - Between DOMA and DOMB is one side trust. So Windows clients in domain DOMB can authenticate against user accounts both domains (prefered DOMA). I have problem configuring Linux box (FC5 now but it's not necessary) to authenticate again...

This one doesn't make any sense to me. What's worse, it seems to occasionally work and sometimes not. I am attempting to log into a domain (DOMA let's say) and I only have an account on DOMB. When DOMA's Samba PDC attempts to create a UNIX account for me, this is what happens: [2005/01/04 15:47:15, 3] auth/auth_util.c:smb_create_user(53) smb_create_user: Running the command `/usr/sbin/useradd -g guestsmb -c "<Samba tmpwacc Temp Guest Account>" -s /bin/false tmp...

Hi, Trusting domain: DOMA Trusted domain : DOMB We are running samba-winbind 3.0.24 and have problems when authenticating user from a trusted domain (DOMB) (idmap backend = ad) in to DOMA. After some investigations, we found that when we are trying to login as a user from DOMB, it seems that sid2uid looks in own domain only, and fails to retri...

I have 2 domains in my forest. I need to allow users from both DomA (The forest root and the Domain the server is joined to) and DomB to log in. All works fine with DomA, but no one from DomB can log in. wbinfo --domain=DOMB -u returns error looking up domain users. wbinfo -D DOMB returns the following: Name : DOMB Alt_Name : DOMB.local SID : S-1-5-21-1846896199-2149236580-2910475250 Active Di...

...ould keep the state. If I am allocating each 64 CPU in each domain, it is terribly painful to set the state again whenever rebooting the domains. In addition, when we use the configuration file defined as follows: vcpus=2 + cpus="0" for DomA vcpus=2 + cpus="1-63" for DomB the state is useful only for a first time. The domains will have following state because the state will be reset by rebooting. It is not a good result. 1) first state -- vcpu pcpu DomA 0 0 1 0 DomB 0 1-63 1 1-63 2) allocate 1 pcpu to each vcpu of DomA and decrease...

...issue to me because if for any reason the tunnel is broken, I have no longer WINS on one side). Finally here is my setup : Network A 1.1.0.0/16 with Samba DC ServA for domain DomA at ip 1.1.254.254 (which also act as IPSEC gateway and firewall). Network B 2.1.0.0/16 with Samba DC ServB for domain DomB at ip 2.1.254.254 (which also act as IPSEC gateway and firewall). Browsing is Ok (I think) : preferred master = Yes local master = Yes domain master = Yes browse list = Yes enhanced browsing = Yes remote announce = 1.1.254.254 (2.1.254.254 for ServA...

I?m trying to understand a weird authentication failure: I have two domains (TC83.LOCAL and TC84.LOCAL), each in a diferent forest, with a bidirectional forest trust. The samba server kvm7246-vm022.maas.local is a domain member of TC83 and is running a recent build from git master (f38077ea5ee). When I test authentication of users in each domain by running ntlm_auth on the samba server, it is