On 02/04/13 19:25, Andrea Venturoli wrote:
Hello.
My setup:
_ one Samba 3.5 domain (XXXXXXXX), with a PDC and a BDC, both running
FreeBSD;
_ one AD domain (YYYYYYYY) running on two Windows 2003 DCs;
_ bidirectional trust between the two domains.
Everything used to work until I moved the PDC from Samba 3.5 (EOL'ed) to
3.6; now, users from domain YYYYYYYY cannot access the PDC's shares.
I used to have in smb.conf:
idmap backend=ldap:ldap://localhost/
idmap alloc backend=ldap
idmap alloc config:ldap_url=ldap://localhost
idmap alloc config:ldap_base_dn=ou=idmap,dc=xxxxxxxx,dc=xx
idmap alloc config:ldap_user_dn=cn=root,dc=xxxxxxxx,dc=xx
idmap cache time=120
idmap uid=150000-200000
idmap gid=150000-200000
template shell=/sbin/nologin
idmap config XXXXXXXX:backend=nss
idmap config XXXXXXXX:range=1000-999999
After the upgrade I changed it this way:
idmap config *:backend=ldap
idmap config *:range=150000-200000
idmap config *:ldap_url=ldap://localhost/
idmap config *:ldap_base_dn=ou=idmap,dc=xxxxxxxx,dc=xx
idmap config *:ldap_user_dn=cn=root,dc=xxxxxxxx,dc=xx
idmap cache time=120
template shell=/sbin/nologin
idmap config XXXXXXXX:backend=nss
idmap config XXXXXXXX:range=1000-999999
I see many errors like the following in log.winbindd-idmap:
[2013/02/04 19:22:20.847184, 1] winbindd/idmap.c:249(idmap_init_domain)
idmap initialization returned NT_STATUS_ACCESS_DENIED
In log.wb-YYYYYYYY
[2013/02/04 19:20:59.364510, 0]
rpc_client/cli_pipe.c:3240(cli_rpc_pipe_open_spnego_ntlmssp)
cli_rpc_pipe_bind failed with error NT_STATUS_ACCESS_DENIED
Please, any help is appreciated.
bye & Thanks
av.
P.S.
I'm also seeing this:
winbindd[65589]: get_credentials: Unable to fetch auth credentials for
cn=root,dc=xxxxxxxx,dc=xx in *
Connection to LDAP works form smbd (for which I had set credentials with
smbpasswd -w); how whould I do it for winbindd?
bye & Thanks
av.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
