On version 2.0 using "security = domain" and "include = globals.%m" I could specify what PDC to use depending on client name. This was a neat arrangement to integrate legacy NT4 domains - I asked the remote admins to add the samba server to their domain, and ran "smbpasswd -j <various> -r <various pdc's>" to end up with multiple machine.sid's in private. All was wonderful, and then I upgraded . . .
Now 2.2.7a with single secrets.tdb, samba is again added to the various domains, and can authenticate to any of them individually (their workgroup in smb.conf), but a %m globals match always produces an auth2 error. I think samba's pulling the wrong SID out of secrets.tdb, always using the %m workgroup, but the smb.conf global workgroup SID to authenticate! Does anyone else bring together NT4 domains with samba to avoid "trusts"? Do you use this method, how does it work for you? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
