search for: trusteddomain

...s and looking at logs on the PDC, any "wbinfo" commands on the member servers only query the PDC for their own domain, even if they are querying info on users from a trusted domain. wbinfo -a (--authenticate) does work from member servers # /usr/local/samba/bin/wbinfo -a "TRUSTEDDOMAIN\someuser " EnterTRUSTEDDOMAIN\someuserr's password: plaintext password authentication succeeded Enter TRUSTEDDOMAIN\someuser's password: challenge/response password authentication succeeded # On 12/14/16 14:46, Gaiseric Vandal wrote: > On a samba 4.5.1 domain...

...al is to drop the classic domain in favor of the AD domain. Also trying to move from samba 3.x to 4.x since Samba 3 is EOL'd. the "wbinfo -u" command will list users in the servers domain but not trusted domains. However the "wbinfo -n" comand (e.g. "wbinfo -n TRUSTEDDOMAIN\username") does return the user's SID, and "getent passwd" may be able to show the trusted user (depending on idmap config.) Typical winbind settings are # testparm -v | grep winbind .... winbind separator = \ winbind cache time = 300 winbind re...

...nf below workgroup = THISDOMAIN security = user passdb backend = ldapsam:ldap://xxxxxxxxxxxxxxxxx idmap config * : backend = tdb idmap config * : range = 5000-6000 idmap config THISDOMAIN : backend = nss idmap config THISDOMAIN : range = 100-300 idmap config TRUSTEDDOMAIN:backend = ldap idmap config TRUSTEDDOMAIN:readonly = no idmap config TRUSTEDDOMAIN:default=no idmap config TRUSTEDDOMAIN:ldap_base_dn = ou=xxxxxxxxxx idmap config TRUSTEDDOMAIN:ldap_user_dn = xxxxxxxxx idmap config TRUSTEDDOMAIN:ldap_url = ldap://xxxxxxxxxxx idmap config TRU...

...ntation about idmap_nss but I'm still not sure if this is needed for my setup. Will using idmap_nss in addition to idmap_ldap result in any benefit (e.g. when mapping local, non-ldap unix users)? I am thinking of a setup like: -------------------- 8< -------------------- idmap domains = NSS TRUSTEDDOMAINS # <is this needed?> idmap config NSS:backend = nss idmap config NSS:readonly = yes # </is this needed?> idmap config TRUSTEDDOMAINS:default = yes idmap config TRUSTEDDOMAINS:backend = ldap idmap config TRUSTEDDOMAINS:readonly = no idmap config TRUSTEDDOMAINS:ldap_url = ldap://127....

...ng out user information with wbinfo using the idmap/rid module. The tdb module works without crash (tested by exchanging the uncommented and commented lines in the following fragment from smb.conf). I configured rid as follows: [global] # idmap uid=1000-60000 # idmap gid=1000-60000 idmap domains=TRUSTEDDOMAINS idmap config TRUSTEDDOMAINS:readonly=yes idmap config TRUSTEDDOMAINS:backend=rid idmap config TRUSTEDDOMAINS:default=yes idmap config TRUSTEDDOMAINS:base rid=1000 idmap config TRUSTEDDOMAINS:range=1000 - 60000 In the log (level 10) I find the last lines before winbindd dies: [2007/10/26 12:50:27...

Hi Guys, I am attempting to configure AC:L's I have enabled it in smb.conf for my share and remounted my fs with acl enabled. However if I attempt to edit security permissions for the group "Domain Users" it creates two more group "CREATOR GROUP" and "CREATOR OWNER" and refreshes the security properties and then just resets the tick boxes i had selected. I

I have some users I was to allow access to a dir, I know I will need to setup ACL's however when this is done can I add users to dirs like I can in windows? Thanks

...ironment ? Details / Versions pls see below. thx Micha Versions: SLES 11 SP1: -------------------------------- samba-client-3.4.3-1.17.2 samba-winbind-3.2.7-11.6 samba-3.4.3-1.17.2 smb.conf: workgroup = CAD realm = CAD.SITE.NET security = ADS idmap domains = CAD TRUSTEDDOMAINS idmap config CAD:backend = ad idmap config CAD:readonly = yes idmap config CAD:range = 300 - 1000000 idmap config TRUSTEDDOMAINS:backend = tdb idmap config TRUSTEDDOMAINS:default = yes idmap config TRUSTEDDOMAINS:range = 1000001 - 1999999...

Does anyone know if interdomain trusts work in samba at all and what versions they do? I am trying to get a 1 way trust working between two domains and DOM A (which samba is joined to works in mapping users via winbind) just not the one way trust for the other domain.... DOM B Samba is just a joined member of the domain A with security = ads with nothing more than winbind id rid maps for both

...2:40241 for DNS/a.root-servers.net at HH3.SITE [canonicalize, renewable] Kerberos: Searching referral for a.root-servers.net Kerberos: Returning a referral to realm ROOT-SERVERS.NET for server DNS/a.root-servers.net at HH3.SITE that was not found Failed find a single entry for (&(objectClass=trustedDomain)(|(flatname=ROOT-SERVERS.NET)(trustPartner=ROOT-SERVERS.NET))): got 0 Kerberos: samba_kdc_fetch: could not find principal in DB Kerberos: Server not found in database: krbtgt/ROOT-SERVERS.NET at HH3.SITE: no such entry found in hdb Kerberos: Failed building TGS-REP to ipv4:192.168.1.22:40241 Term...

...2:40241 for DNS/a.root-servers.net at HH3.SITE [canonicalize, renewable] Kerberos: Searching referral for a.root-servers.net Kerberos: Returning a referral to realm ROOT-SERVERS.NET for server DNS/a.root-servers.net at HH3.SITE that was not found Failed find a single entry for (&(objectClass=trustedDomain)(|(flatname=ROOT-SERVERS.NET)(trustPartner=ROOT-SERVERS.NET))): got 0 Kerberos: samba_kdc_fetch: could not find principal in DB Kerberos: Server not found in database: krbtgt/ROOT-SERVERS.NET at HH3.SITE: no such entry found in hdb Kerberos: Failed building TGS-REP to ipv4:192.168.1.22:40241 Term...

On 10/09/2019 04:57, Jeremy via samba wrote: > Hi all, > > I have an question about getting child domain users on Samba 4.10.7. > 1. I have the command net ads search '(objectCategory=trustedDomain)' -P > and already get the info below: > objectClass: top > objectClass: leaf > objectClass: trustedDomain > cn: hardware.qsan.ad.com > distinguishedName: CN=hardware.qsan.ad.com,CN=System,DC=qsan,DC=ad,DC=com > instanceType: 4 > whenCreated: 20180611041431.0Z > whenC...

...strator at HH3.SITE from ipv4:192.168.1.3:56859 for ldap/hh3.site at HH3.SITE [canonicalize, renewable] Kerberos: Searching referral for hh3.site Kerberos: Returning a referral to realm SITE for server ldap/hh3.site at HH3.SITE that was not found Failed find a single entry for (&(objectClass=trustedDomain)(|(flatname=SITE)(trustPartner=SITE))): got 0 Kerberos: samba_kdc_fetch: could not find principal in DB Kerberos: Server not found in database: krbtgt/SITE at HH3.SITE: no such entry found in hdb Kerberos: Failed building TGS-REP to ipv4:192.168.1.3:56859 I've tried making a ldap principal bu...

Hi all, I have an question about getting child domain users on Samba 4.10.7. 1. I have the command net ads search '(objectCategory=trustedDomain)' -P and already get the info below: objectClass: top objectClass: leaf objectClass: trustedDomain cn: hardware.qsan.ad.com distinguishedName: CN=hardware.qsan.ad.com,CN=System,DC=qsan,DC=ad,DC=com instanceType: 4 whenCreated: 20180611041431.0Z whenChanged: 20190824083646.0Z uSNCreated: 13099 u...

...amba-tool domain trust list/show" do present sensible information: # samba-tool domain trust list Type[External] Transitive[No]  Direction[OUTGOING] Name[KRB.REALM] # samba-tool domain trust show KRB.REALM LocalDomain Netbios[AD] DNS[ad.domain] SID[S-1-5-21-611510720-3146064378-2947260547] TrustedDomain: NetbiosName:    KRB.REALM SID:            None Type:           0x3 (MIT) Direction:      0x2 (OUTBOUND) Attributes:     0x1 (NON_TRANSITIVE) PosixOffset:    0x00000000 (0) kerb_EncTypes:  0x18 (AES128_CTS_HMAC_SHA1_96,AES256_CTS_HMAC_SHA1_96) However I have already noticed one thing that is brok...

...Type[External] Transitive[No]  Direction[BOTH]     >> Name[testad1.company.com] > >> root at testad2dc:/var/log/samba# samba-tool domain trust show testad1 >> LocalDomain Netbios[TESTAD2] DNS[testad2.company.com] >> SID[S-1-5-21-1012147493-3366197983-1829854343] >> TrustedDomain: > >> NetbiosName:    TESTAD1 >> DnsName:        testad1.company.com >> SID:            S-1-5-21-2509583006-2398556320-3264531554 >> Type:           0x2 (UPLEVEL) >> Direction:      0x3 (BOTH) >> Attributes:     0x4 (QUARANTINED_DOMAIN) >> PosixOffset: ...

Hi, Having read the release notes on the status of trusts within samba, we see for 4.9 > "improved support for trusted domains" but we also always see these messages: > "Both sides of the trust need to fully trust each other!" and > "DCs of domain A can grant domain admin rights in domain B" What we would like to achieve is a one-way incoming trust

...fo -u" only shows users from the local domain. It does not show users from the trusted domain. The "wbinfo -m" (or "wbinfo - trusted-domains") command on the member server list the BUILTIN domain, local domain, trusted domain and local machine. The "wbinfo -D TRUSTEDDOMAIN" command does list the DC and other domain info for the trusted domain. Idmapping is not yet configured on the member server for the trusted domain (I believe that is required for file permissions and "getent passwd" to work but not for just listing users and groups.) Th...

...t of NT 4.0 machines where all PDC's/BDC's are NT machines. We have 2 trusted domains (also NT PDC's). Samba/winbind work great locally, but the trusted accounts are not working. Here's a run down of what works and what doesn't: wbinfo -m #shows trusted domains wbinfo -a TRUSTEDDOMAIN+user%pass #successful wbinfo -u/-g #only accounts/groups for local domain, not trusted wbinfo -I #works on locals, trusted returns nothing wbinfo -N #resolves correctly for local or trusted wbinfo --sequence #shows all domains, however trusted are shown as DISCONNECTED I've read a few po...

...account at HH3.SITE from ipv4:192.168.1.3:33002 for ldap/hh3.site at HH3.SITE [canonicalize, renewable] Kerberos: Searching referral for hh3.site Kerberos: Returning a referral to realm SITE for server ldap/hh3.site at HH3.SITE that was not found Failed find a single entry for (&(objectClass=trustedDomain)(|(flatname=SITE)(trustPartner=SITE))): got 0 Kerberos: samba_kdc_fetch: could not find principal in DB Kerberos: Server not found in database: krbtgt/SITE at HH3.SITE: no such entry found in hdb Kerberos: Failed building TGS-REP to ipv4:192.168.1.3:33002 OK fine. So I use samba-tool to make a pr...