similar to: Share files to users from two domains with winbind

Just when I thought I had idmap changes correct for 3.6, I realize I have a setup that's not quite right: getent passwd ->No AD users getent passwd DOMAINA\\aduser aduser:*:1001601:1000513::/home/aduser:/bin/bash Shouldn't "getent passwd" show both local and AD users? Samba has had such an identity crisis over the years with idmap documentation. Depending, on where you

config smb.conf [global] realm = DOMAINB workgroup = DOMAINB security = ADS template homedir = /home/%U template shell = /bin/bash winbind expand groups = 1 winbind separator = + winbind use default domain = Yes idmap config domainb : range = 3000001 - 4000000 idmap config domainb : backend = rid idmap config domainc : range = 2000001 - 3000000 idmap config domainc : backend = rid

Hi, I have these following configurations: Active Directory 1 = DomainA.com AD1 Primary Group = Domain Users AD1 Group 1 = Linux (member: DomainB\ad2testuser1) Server joined = linux1.DomainA.com (configured Kerberos and Winbind Samba4 from sernet) Active Directory 2 = DomainB.com AD2 Primary Group = Domain Users (member: DomainB\ad2testuser1) AD2 User 1 = ad2testuser1 note: (1)

I'm setting up Samba in an environment with 2 Active Directory domains setup with a one way trust (DOMAINA -> DOMAINB). Samba is in DOMAINA. From looking at the logs (see below) it appears that winbind is having troubles getting the credentials for the domain controller in DOMAINB. I can get tickets, using kinit, for accounts in both domains. I can join DOMAINA just fine. Running

We are splitting our users into 2 domains(DOMAINA and DOMAINB (changed for security reason)). I am having problems getting users who log into their workstation on DOMAINA to access a samba share on DOMAINB. We are using W2K3 servers as our AD with LDAP. Samba shares on are CentOS5.1 servers. I Can anyone point me to some docs on how to set this up? I have been rumbling through google for the past

I’ve removed the following line from smb.conf: > >> winbind use default domain = Yes > Although we are using it on a different server (who has direct access to all DC’s from both domains). > And we are able to logon with credentials from a different domain. > by using "ssh -l DOMAINA+username SERVER02" > >> We now come to the domain ranges, they must not

I noticed that smbclient worked on some solaris 11 machines but not others. The issue a slightly different version of libarchive on the machine (0.12 vs 0.13), even though I thought all machines had been patched to the same level. So I decided to recompile. When recompiling samba 4.4.7 on solaris 11 I saw the following warning Checking for header krb5.h

In summary * DomainA Samba classic domain- PDC and BDC are running Samba 4.4.7. The PDC is called "SambaPDC." * DomainB Windows AD domain , level 2008, domain controller is Windows 2012 or 2012R2 (you are correct that there are not primary and backup controllers in AD) * DomainC Windows AD domain, level 2008, domain controllers are Windows 2008 I need to get

Hello We have a setup on Ubuntu to join multiple AD domains and authenticate using NTLM_auth with freeRadius. Since there're multiple ADs domains involved, we were using "WINBINDD_SOCKET_DIR" environment variable to use the correct cache directory for each domain. Everything looks fine and all worked when using samba 4.7.9 running on Ubuntu 16.04. Now, we're upgrading to the

> idmap config domainb : range = 3000001 - 4000000  > idmap config domainb : backend = rid  > idmap config domainc : range = 2000001 - 3000000  > idmap config domainc : backend = rid  > idmap config domaina : range = 1000001 - 2000000  > idmap config domaina : backend = rid  > idmap config * : range = 1000000-199999999  > idmap config * : backend = tdb Your  "idmap

Hi there, This is most likely something very basic which I'm not seeing right now. I have a Samba-server, which is running in security = domain, and it's a member of that domain (DOMAINA). The domain is a Win2003 domain. That domain has established a trust with another domain (DOMAINB). There's a Windows terminal server TERMSRV which is a member of DOMAINA, but a user from DOMAINB

Hello. I have a file server with samba and sssd. Is working perfectly. The problem is when I define extended ACLs using windows explorer. Acls are not applied in the file system to the groups and users of the domain. But when I work with winbind I can apply the extended acls in the file system. Follow the contents of the sssd.conf and smb.conf file [global] WORKGROUP = DOMAINE Realm =

I am not sure if this is relevant root at sambaPDC:~# /usr/local/samba/bin/net rpc trustdom establish DomainB Enter DOMAINA$'s password: Could not connect to server DomainB_DC Trust to domain DomainB established root at sambaPDC:~# root at sambaPDC:~# /usr/local/samba/bin/net rpc trustdom establish DomainC Enter DOMAINA$'s password: Could not connect to

The trusts aren't really working with Windows 2008 either (where DOMAINC is the Windows 2008 domain.) # /usr/local/samba/bin/net rpc trustdom establish DOMAINC Enter DOMAINA$'s password: Could not connect to server DOMAINC_DC Trust to domain DOMAINC established # Active Directory Domains and Trusts MMC on the Windows 2008 AD DC (DOMAINC_DC) seems to think the

I have two domains which are on different subnets, connected by a routed OpenVPN tunnel. The domains trust each other. Domain A has the WINS server. Domain B is confused to use Domain A's WINS server. The VPN pushes the WINS server as part of its DHCP options as well. >From either domain, I am able to use smbclient to see the shares on the other domain's PDC. I have to specify -W

I have been trying off and on for some time now to get an interdomain trust relationship going between two samba pdc machines (DomainA=trusted & DomainB=trusting). Both pdc's are running on Solaris boxes and NIS is involved (I doubt there is a NIS complication just because I can use accounts on DomainA on DomainB's samba, as long as I add them using smbpasswd manually). The situation

> IMHO, for this to work you should define "idmap domains = DOMAINA > DOMAINB" and configure the idmap backend appropriately for both domains > using idmap config DOMAIN:backend/range/default etc... > > For more details see "man idmap_tdb, man idmap_ldap and man idmap_rid". > > --Sadique Hi Sadique, thanks for your response. I test it but I don't

Hello, I have a client that wants to have a dedicated smtp sending host. But they have 2 separate domains then that don't want to have share IP address. The reasons from this is long and drawn out. Is it possible to setup postfix in a virtual host config, like apache for example, such that, domainA.com listens and sends on one IP address and domainB.com listens and sends on another address.

Hello, I am running a samba/ldap PDC on domainA with winbind. It works fine as a domain controler. Samba : 3.0.21c OpenLDAP : 2.2.15 I want to add domainB as a trusted domain (ie the users of domainB would have access to the shares of domainA without another authentication). I configured this and net rpc give me this : # net rpc trustdom list Password: Trusted domains list: DomainB

Hi I have a problem with an interdomain trust where on the PDC for DomainA, everything works perfectly. getent returns local and DomainB usernames. On the PDC for DomainB, it's DomainB works fine, but getent only returns local usernames and groups, it doesn't return the usernames or groups for DomainA. wbinfo -u and wbinfo -g work fine and return all DomainA's usernames and groups.