Displaying 20 results from an estimated 40000 matches similar to: "Samba 3.x trusts on member server causing samba crash?"
2016 Dec 19
1
wbinfo -u does not listed trusted users, wbinfo -n works, idmap not working
On both Samba 4.5.1 member server and Samba 3.6.25 member server I tried
the following command
wbinfo –set-uid-mapping=35049,S-1-5-21-xx-xx-xxx-xxx
this should have created a mapping entry consistent with the one on the
domain controller for a trusted user
But I got the following error
failed to call wbcSetUidMapping: WBC_ERR_NOT_IMPLEMENTED
As far as I can tell from network
2016 Dec 14
0
wbinfo -u does not listed trusted users, wbinfo -n works, idmap not working
On a samba 4.5.1 domain controllers (PDC and BDC), classic domain ,
LDAP is used as the backend for both user accounts AND for the idmapping
of trusted domains . Partial smb.conf below
workgroup = THISDOMAIN
security = user
passdb backend = ldapsam:ldap://xxxxxxxxxxxxxxxxx
idmap config * : backend = tdb
idmap config * : range = 5000-6000
idmap config THISDOMAIN :
2016 Dec 13
2
wbinfo -u does not listed trusted users, wbinfo -n works
Running a mix of samba versions (3.6.25 and 4.5.1) in two domains- one
"classic" (with samba domain controllers) and one AD (with windows
domain controllers.) The eventual goal is to drop the classic domain
in favor of the AD domain. Also trying to move from samba 3.x to 4.x
since Samba 3 is EOL'd.
the "wbinfo -u" command will list users in the servers domain
2014 Dec 18
0
IDMAP_NSS on member server
On 18/12/14 17:24, Gaiseric Vandal wrote:
> I don't have an AD backend for this domain. The DC's are "classic"
> domain controllers, Samba 3.6 , with LDAP backend for all accounts.
> Would this still be an option?
>
>
>
>
> I tried adding
>
>
> idmap config MYDOMAIN:schema_mode = rfc2307
> idmap config MYDOMAIN:backend = ad
> idmap
2014 Dec 18
0
IDMAP_NSS on member server
On 18/12/14 16:43, Gaiseric Vandal wrote:
> I think IDMAP_RID would not be the appropriate solution for me. Not
> only do I want consistent IDMapping across all servers - which this
> could do - but I want them to match the the existing unix uidNumber
> in LDAP.
You never said that you had uidNumber in LDAP!, in fact you seemed to
mention every winbind backend except the one that
2014 Dec 18
2
IDMAP_NSS on member server
I think IDMAP_RID would not be the appropriate solution for me. Not
only do I want consistent IDMapping across all servers - which this
could do - but I want them to match the the existing unix uidNumber in
LDAP.
Thanks for your help.
On 12/18/14 04:29, Rowland Penny wrote:
> On 17/12/14 22:01, Gaiseric Vandal wrote:
>> I have two Samba 3.6.24 domain controllers (Solaris
2014 Dec 18
2
IDMAP_NSS on member server
I don't have an AD backend for this domain. The DC's are "classic"
domain controllers, Samba 3.6 , with LDAP backend for all accounts.
Would this still be an option?
I tried adding
idmap config MYDOMAIN:schema_mode = rfc2307
idmap config MYDOMAIN:backend = ad
idmap config MYDOMAIN:range = 100-300
Didn't seem to work.
Thanks
On 12/18/14 11:57, Rowland
2016 Nov 22
0
Samba 4 "Classic PDC" trusts fail with Win 2012 domain but succeed Win 2008
I am trying to configuring Samba 4 classic PDC to trust Windows 2012
domain "DomainB" - the PDC is running Windows 2012 but the forest and
domain functional levels are still Windows 2008. On the Win 2012 PDC I
try to set up an incoming trust, but it fails with "The local security
authority is unable to obtain an RPC connection to the active directory
domain controller
2014 Dec 18
0
IDMAP_NSS on member server
On 17/12/14 23:01, Gaiseric Vandal wrote:
> I have two Samba 3.6.24 domain controllers (Solaris 10.) On all
> machines unix accounts and groups are in the LDAP as well as idmap
> entries for trusted domains. Samba accounts on domain controllers are
> in LDAP so there is problem with consistency unix/windows id and group
> mapping on the domain controllers. The domain
2014 Dec 18
0
IDMAP_NSS on member server
On 17/12/14 22:01, Gaiseric Vandal wrote:
> I have two Samba 3.6.24 domain controllers (Solaris 10.) On all
> machines unix accounts and groups are in the LDAP as well as idmap
> entries for trusted domains. Samba accounts on domain controllers
> are in LDAP so there is problem with consistency unix/windows id and
> group mapping on the domain controllers. The domain
2014 Dec 17
4
IDMAP_NSS on member server
I have two Samba 3.6.24 domain controllers (Solaris 10.) On all
machines unix accounts and groups are in the LDAP as well as idmap
entries for trusted domains. Samba accounts on domain controllers are
in LDAP so there is problem with consistency unix/windows id and group
mapping on the domain controllers. The domain controllers are the
main file servers as well.
I am configuring a
2016 Nov 14
2
Member server does not show users from trusted domain
I have a samba classic domain, called it "DomainA." All domain
controllers and servers are running 3.6.25 on Solaris 11.
The PDC and BDC use an LDAP backend for unix, samba and idmap
data. Member servers use LDAP backend for unix accounts, so the
underlying unix and group accounts are consistent.
There is a trust relationship with Windows 2008 AD domain
2011 Jun 06
2
getent passwd does not list trusted users
I am running Samba 3.5.5 on Solaris 10. This is the latest Sun/Oracle
provided build. I have an ldap backend for everything (unix+samba
accounts, idmapping for domain trusts.) The Samba server is a PDC for a
domain we can call "SAMBA." Each samba account is tied to a unix
account.
I have a one-way domain trust setup with a Windows 2003 domain which we
can call
2016 Nov 18
2
Wbinfo does show users from trusted domain / RPC error
I tried recreating the trusts.
I start by setting up trusts on Windows side, using Active Directory
Domains and Trusts on the DomainB AD server. . I specify the the
samba domain (DOMAINB) but before I can even specify trust type or
direction I get the following:
Cannot continue
Trust relationship can not be created…
The local security authority is unable to obtain an RPC
2016 Nov 28
0
Samba 4 "Classic PDC" trusts fail with Win 2012 domain but succeed Win 2008
I noticed that smbclient worked on some solaris 11 machines but not
others. The issue a slightly different version of libarchive on the
machine (0.12 vs 0.13), even though I thought all machines had been
patched to the same level. So I decided to recompile.
When recompiling samba 4.4.7 on solaris 11 I saw the following warning
Checking for header krb5.h
2010 May 04
1
interdomain trusts / wbinfo and listent_recv: returned no users
As per earlier post, I was having problems getting trusts setup between
my Samba domain (3.0.x PDC, 3.4.x BDC on Solaris 10) and two Active
Directory domains (each in a separate forest.) One domain is a test
Win 2003 PDC in native Win 2003 mode, the other is a Win 2008 system
also in native Win 2003 mode.
To summarize some of the progess- things work better if the Samba 3.4
is the PDC,
2019 Feb 26
0
status on samba trusts
Hi,
No replies unfortunately. Unsure why.
We searched the list, and we found little discussion on the subject of
trusts. We see occasional questions, but they are often left unanswered,
like this one.
If someone could point us to some good up-to-date docs on trusts with
samba then we would really appreciate it.
We setup a test environment (one samba 4.9.4 testad2 AD, one native
windows
2016 Nov 17
0
wbinfo show users from trusted domain
I updated my PDC and BDC to Samba 4.4.7. Compiled from source into
/usr/local/samba.
On the samba domain controllers
"/usr/local/samba/bin/wbinfo -u" shows the local domain users but not
the trusted one.
Everything indicates trusts are ok
# /usr/local/samba/bin/net rpc trustdom list -U Administrator
Enter Administrator's password:
Trusted domains
2010 May 02
0
Why do Interdomain trusts try to use kerberos - updated
On my test Samba PDC, I updated the krb5.conf file to add realm info for the
Windows 2008. This seems to have resolved my "wbinfo" issue. "getent
passwd" is still not working (I did update nsswitch.conf) but I suspect this
is because of an idmap allocation issue. The syntax for idmap allocation
in smb.conf seems to change between 3.0, 3.2, 3.3 and 3.4.
I have also tried
2019 Feb 28
0
status on samba trusts
Hi Stefan,
Thanks for your input. I'll check the dns stuff. I put resolvers for
both domains as primary and secondary on both machines, but I guess
that's not good enough.
I'll look into setting up a (query logging) dns proxy, that should tell
us at least who is asking what.
Any chance to share that (german) article you wrote?
My german is not perfect, but good enough to