similar to: SAMBA4 - Trusted relationship lost every Weeks

Hi, Here is our smb.conf. Please note that this server uses nss resolution for DOMAIN_B users and idmap_ldap backend to resolve DOMAIN_A users. Trusted relationship between works well for other services between those two domains. Only samba4 fileserver needs to rejoin DOMAIN_A domain (AD 2008 server) every week. #======================= Global Settings

Le 16/08/2017 à 18:18, Rowland Penny via samba a écrit : > Very hard to understand this post, but see inline comments: > > On Wed, 16 Aug 2017 17:47:25 +0200 > Julien TEHERY via samba <samba at lists.samba.org> wrote: > >>> You did say that this machine is joined to the AD domain (DOMAIN >>> A), didn't you ? >> >> Yes >>> If so,

> You did say that this machine is joined to the AD domain (DOMAIN > A), didn't you ? >> Yes > > If so, why, if 'security = ADS' is in smb.conf, are you trying to use > ldap to connect to the AD DC ????? >> Not at all. If it was the case the machine would have never be joined to DOMAIN_A Joining this machine to the 2008 domain (via net ads join..) succeed

On Wed, 16 Aug 2017 09:05:32 +0200 Julien TEHERY via samba <samba at lists.samba.org> wrote: > Hi, > > > Here is our smb.conf. > > Please note that this server uses nss resolution for DOMAIN_B users > and idmap_ldap backend to resolve DOMAIN_A users. > > Trusted relationship between works well for other services between > those two domains. Only samba4

Very hard to understand this post, but see inline comments: On Wed, 16 Aug 2017 17:47:25 +0200 Julien TEHERY via samba <samba at lists.samba.org> wrote: > > You did say that this machine is joined to the AD domain (DOMAIN > > A), didn't you ? > >> Yes > > > > If so, why, if 'security = ADS' is in smb.conf, are you trying to > > use ldap

There may be several parts to the problem: 1. Winbind on Samba 3.4.x seems unable to allocate idmap entries (UID/SID or GID/SID) , whether or not the backend is LDAP or TDB. Winbind on Samba 3.0.x is able to create idmap allocation mappings with an LDAP backend. The two problems with Samba 3.0.x are as follows - "getent" would stop showing trusted users once the cache period

Hi Gaiseric, "wbinfo -u" does not show the DOMAIN_B users. "wbinfo -n DOMAIN_B+someuser" works and show the SID of the users, also from Domain_B. "wbinfo -i DOMAIN_B+someuser" does not work. It only works for users of Domain_A. For User of Domain_B, it says: failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user Domain_B+someuser

On Thu, 2 May 2019 14:05:12 +0800 d tbsky via samba <samba at lists.samba.org> wrote: > > Dear list, > > > > when I connect to a samba AD member server from a windows 10 client > > not joined to the domain, it appears that I always have to connect > > as DOMAIN\USER. Is it possible to configure samba such that it > > always interprets the USER part as

Hi Gaiseric, both packages have been provided as RPM and installed by yum. We didn´t have to compile. "wbinfo -i" shows the correct uidnumber for users of DOMAIN_A, but nothing for users auf the trusted Domain DOMAIN_B. We have another server running Centos 6 and Samba 4.4.4. It shows the same problem: Only users and groups of DOMAIN_A are available. The settings: ldap

Hi Igor, I got stuck now. I did my best. I got stuck at the winbind which I suspected is the reason why the domainA_computer cannot map the domain_B user's home directory. 1. What are the settings of your winbind? 2. Do you use only "winbind" in your libnss_ldap or use "ldap" as well? 3. My winbind works with :- (For both sides) wbinfo -t wbinfo -p wbinfo -u wbinfo

How would I set the idmap backend to TDB ? Both domain controlers are running Windows 2008 Server. Am 19.12.2016 um 15:44 schrieb Gaiseric Vandal: > Which idmap backend are you using? > > One thing to try is setting the idmap backend for the trusted domains > to TDB (local database file) This is not a great long term solution > since you will not have consistent mappings

Dear list, when I connect to a samba AD member server from a windows 10 client not joined to the domain, it appears that I always have to connect as DOMAIN\USER. Is it possible to configure samba such that it always interprets the USER part as being the account name of the one domain that is configured, and to discard the DOMAIN part supplied by the client? This may be a dumb question, but thanks

Some time back I upgraded a domain controller (Solaris 10) from samba 3.0.x to 3.4.5 In order to support interdomain trusts I am using winbind and idmap allocation with a samba backend. Since the upgrade it appears that samba is no allocating uid and gid's for trusted domain. my smb.conf looks something like:

>>* The local on *>>* site domain is a realm that has a list of usernames and samba *>>* accounts but authentication is off loaded onto an external realm and *>>* there is a one way trust relationship where the local samba server *>>* trusts the external realm -- all that is required is that there is a *>>* local username and username map on local samba server.

Hi Igor, Thanks so much for troubleshooting all this while and we found out none of our configuration is the problem but the source code. Hope that the samba team will modify to a working code so that I can deploy it. Actually my dateline to deploy is coming soon and I do not know what to do now..... when do you think the code will be modified and be released? Thanks so much for your help.

This is a little of a new experience for me, I am a bit of a novice. I have usually been able to stumble around documentation and other mailing lists to figure out problems, unfortunately I have struck and issue that has me going around in circles ... I have set up a VPN between three locations using openvpn (device = tun ), two satellite locations (referred to as B & C) talking to a

Hi Gaiseric, I have tried that, also in different variations. But the users and groups of DOMAIN_B keep invisible. Below the smb.conf in the meantime state. By the way: kinit works with both, users aof DOM_A and Users of DOM_B. [global] workgroup = DOM_A server string = Samba %v log file = /var/log/samba/log.%m max log size = 50 password server = *

Hello I have two MS AD 2008 let's say AD1 and AD2. They have bi-direction trusted relationship. I have two linux servers joined into AD2, let's say LNX1 and LNX2. On LNX1, it can authenticate any users both from AD1 or AD2. Howerver, on LNX2, it can only authenticate users in AD2 but failed against AD1. It reports NT_STATUS_TRUSTED_DOMAIN_FAILURE (0xc000018c). I'm sure the smb.conf

Which idmap backend are you using? One thing to try is setting the idmap backend for the trusted domains to TDB (local database file) This is not a great long term solution since you will not have consistent mappings between domains. However it may help determine if the issue is with winbind and idmap in general or with the specific idmap backend (e.g. rid, ad, ldap.) Are the domain

Hi Igor, Once again, thanks for keeping up with me. I have been migrating my master ldap server to 2.1 version so to keep it the same with the PDCs version of LDAP. Now they are the same. I have rectified such that "wbinfo -u" on both sides worked now. I am made "net rpc trustdom list" worked. It was not working before. I had to put "stuadmin = root" in the