similar to: Samba 3.x trusts on member server causing samba crash?

On both Samba 4.5.1 member server and Samba 3.6.25 member server I tried the following command wbinfo –set-uid-mapping=35049,S-1-5-21-xx-xx-xxx-xxx this should have created a mapping entry consistent with the one on the domain controller for a trusted user But I got the following error failed to call wbcSetUidMapping: WBC_ERR_NOT_IMPLEMENTED As far as I can tell from network

On a samba 4.5.1 domain controllers (PDC and BDC), classic domain , LDAP is used as the backend for both user accounts AND for the idmapping of trusted domains . Partial smb.conf below workgroup = THISDOMAIN security = user passdb backend = ldapsam:ldap://xxxxxxxxxxxxxxxxx idmap config * : backend = tdb idmap config * : range = 5000-6000 idmap config THISDOMAIN :

Running a mix of samba versions (3.6.25 and 4.5.1) in two domains- one "classic" (with samba domain controllers) and one AD (with windows domain controllers.) The eventual goal is to drop the classic domain in favor of the AD domain. Also trying to move from samba 3.x to 4.x since Samba 3 is EOL'd. the "wbinfo -u" command will list users in the servers domain

On 18/12/14 17:24, Gaiseric Vandal wrote: > I don't have an AD backend for this domain. The DC's are "classic" > domain controllers, Samba 3.6 , with LDAP backend for all accounts. > Would this still be an option? > > > > > I tried adding > > > idmap config MYDOMAIN:schema_mode = rfc2307 > idmap config MYDOMAIN:backend = ad > idmap

On 18/12/14 16:43, Gaiseric Vandal wrote: > I think IDMAP_RID would not be the appropriate solution for me. Not > only do I want consistent IDMapping across all servers - which this > could do - but I want them to match the the existing unix uidNumber > in LDAP. You never said that you had uidNumber in LDAP!, in fact you seemed to mention every winbind backend except the one that

I think IDMAP_RID would not be the appropriate solution for me. Not only do I want consistent IDMapping across all servers - which this could do - but I want them to match the the existing unix uidNumber in LDAP. Thanks for your help. On 12/18/14 04:29, Rowland Penny wrote: > On 17/12/14 22:01, Gaiseric Vandal wrote: >> I have two Samba 3.6.24 domain controllers (Solaris

I don't have an AD backend for this domain. The DC's are "classic" domain controllers, Samba 3.6 , with LDAP backend for all accounts. Would this still be an option? I tried adding idmap config MYDOMAIN:schema_mode = rfc2307 idmap config MYDOMAIN:backend = ad idmap config MYDOMAIN:range = 100-300 Didn't seem to work. Thanks On 12/18/14 11:57, Rowland

I am trying to configuring Samba 4 classic PDC to trust Windows 2012 domain "DomainB" - the PDC is running Windows 2012 but the forest and domain functional levels are still Windows 2008. On the Win 2012 PDC I try to set up an incoming trust, but it fails with "The local security authority is unable to obtain an RPC connection to the active directory domain controller

On 17/12/14 23:01, Gaiseric Vandal wrote: > I have two Samba 3.6.24 domain controllers (Solaris 10.) On all > machines unix accounts and groups are in the LDAP as well as idmap > entries for trusted domains. Samba accounts on domain controllers are > in LDAP so there is problem with consistency unix/windows id and group > mapping on the domain controllers. The domain

On 17/12/14 22:01, Gaiseric Vandal wrote: > I have two Samba 3.6.24 domain controllers (Solaris 10.) On all > machines unix accounts and groups are in the LDAP as well as idmap > entries for trusted domains. Samba accounts on domain controllers > are in LDAP so there is problem with consistency unix/windows id and > group mapping on the domain controllers. The domain

I have two Samba 3.6.24 domain controllers (Solaris 10.) On all machines unix accounts and groups are in the LDAP as well as idmap entries for trusted domains. Samba accounts on domain controllers are in LDAP so there is problem with consistency unix/windows id and group mapping on the domain controllers. The domain controllers are the main file servers as well. I am configuring a

I have a samba classic domain, called it "DomainA." All domain controllers and servers are running 3.6.25 on Solaris 11. The PDC and BDC use an LDAP backend for unix, samba and idmap data. Member servers use LDAP backend for unix accounts, so the underlying unix and group accounts are consistent. There is a trust relationship with Windows 2008 AD domain

I am running Samba 3.5.5 on Solaris 10. This is the latest Sun/Oracle provided build. I have an ldap backend for everything (unix+samba accounts, idmapping for domain trusts.) The Samba server is a PDC for a domain we can call "SAMBA." Each samba account is tied to a unix account. I have a one-way domain trust setup with a Windows 2003 domain which we can call

I tried recreating the trusts. I start by setting up trusts on Windows side, using Active Directory Domains and Trusts on the DomainB AD server. . I specify the the samba domain (DOMAINB) but before I can even specify trust type or direction I get the following: Cannot continue Trust relationship can not be created… The local security authority is unable to obtain an RPC

I noticed that smbclient worked on some solaris 11 machines but not others. The issue a slightly different version of libarchive on the machine (0.12 vs 0.13), even though I thought all machines had been patched to the same level. So I decided to recompile. When recompiling samba 4.4.7 on solaris 11 I saw the following warning Checking for header krb5.h

As per earlier post, I was having problems getting trusts setup between my Samba domain (3.0.x PDC, 3.4.x BDC on Solaris 10) and two Active Directory domains (each in a separate forest.) One domain is a test Win 2003 PDC in native Win 2003 mode, the other is a Win 2008 system also in native Win 2003 mode. To summarize some of the progess- things work better if the Samba 3.4 is the PDC,

Hi, No replies unfortunately. Unsure why. We searched the list, and we found little discussion on the subject of trusts. We see occasional questions, but they are often left unanswered, like this one. If someone could point us to some good up-to-date docs on trusts with samba then we would really appreciate it. We setup a test environment (one samba 4.9.4 testad2 AD, one native windows

I updated my PDC and BDC to Samba 4.4.7. Compiled from source into /usr/local/samba. On the samba domain controllers "/usr/local/samba/bin/wbinfo -u" shows the local domain users but not the trusted one. Everything indicates trusts are ok # /usr/local/samba/bin/net rpc trustdom list -U Administrator Enter Administrator's password: Trusted domains

On my test Samba PDC, I updated the krb5.conf file to add realm info for the Windows 2008. This seems to have resolved my "wbinfo" issue. "getent passwd" is still not working (I did update nsswitch.conf) but I suspect this is because of an idmap allocation issue. The syntax for idmap allocation in smb.conf seems to change between 3.0, 3.2, 3.3 and 3.4. I have also tried

Hi Stefan, Thanks for your input. I'll check the dns stuff. I put resolvers for both domains as primary and secondary on both machines, but I guess that's not good enough. I'll look into setting up a (query logging) dns proxy, that should tell us at least who is asking what. Any chance to share that (german) article you wrote? My german is not perfect, but good enough to