On 08.02.2013 17:54, Andrea Venturoli wrote:
On 02/08/13 13:48, Oliver Freyd wrote:
Hello,
I think I stumbled over the same issue when testing winbind and
interdomain trusts on Samba 3.6 these days.
It is a bit hard to find, but "man idmap_ldap" says that the secret must
be stored with
net idmap secret DOMAIN SECRET
and I think I used '*' as DOMAIN (for any domain).
That made winbind with ldap work for me.
Hello.
First off, thanks for answering.
After my previous message, I had already found out the above and did it.
I saw some improvement:
_ the logs about winbind not being "able to fetch auth credentials" are
gone;
_ "smbclient -L ..." succeeds, so authentication is in fact working;
_ however, access to shares still is denied to users from the trusted
domain.
It looks like Samba authenticates the user (against the DCs of the
trusted domain) and accepts it, but somehow fails to recognize him, so
he won't be correctly matched against "valid users".
Just to be clear: users from the trusted domain can access public
shares, as long as they provide a correct password.
I'm still investigating this and I'll report anything I find.
Any further suggestion is still appreciated.
bye & Thanks
av.
Hello,
does "wbinfo -u" list the users of the trusted domain?
and getent passwd, too?
By valid users you mean the parameter in smb.conf?
I'm usually using ACLs on shares (in the filesystem),
so I haven't tried that. But I suppose it worked before...
bye,
Oliver