for trusted domains to work you have to use either tdbsam or ldap
backend. donĀ“t know whether ad works, though.
this should work for you:
# idmap backend = # please comment out for tdbsam
idmap uid = 10000-100000
idmap gid = 10000-100000
winbind use default domain = Yes # your choice
winbind trusted domains only = no # must
allow trusted domains = yes # must
greez
Nir Barkan wrote:
I tried all the combinations on the "idmap backend" line and still have
errors.
What is the exact "idmap backend" line that I should add to my smb.conf file
when "ITGIL" = my domain and "EU15" = my trusted domain?
Thanks,
Nir
-----Original Message-----
From: Michael Gasch [mailto:[EMAIL PROTECTED]
Sent: Monday, July 03, 2006 11:22 AM
To: Nir Barkan
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba and trusted domains
:)
> idmap backend = ITGIL=10000-19999,EU15=20000-30000
this is not correct semantic ;)
example:
idmap backend = rid:"BUILTIN=1000-1999,DOMNAME=2000-100000000"
this should work
greez
Nir Barkan wrote:
I added the idmap backend to my smb.conf as you suggested
idmap backend = ITGIL=10000-19999,EU15=20000-30000
I get the following (on the winbind debug):
idmap_init: using 'ITGIL=10000-19999' as remote backend
Error loading module '/opt/local/lib/idmap/ITGIL=10000-19999.so': ld.so.1:
./winbindd: fatal: /opt/local/lib/idmap/ITGIL=10000-19999.so: open failed:
No such file or directory
idmap_init: could not load remote backend 'ITGIL=10000-19999'
Could not init idmap -- netlogon proxy only
The idmap directory exists; do I need to run something manually?
P.S
ITGIL = my domain
EU15 = my trusted domain
Thanks,
Nir
-----Original Message-----
From: Michael Gasch [mailto:[EMAIL PROTECTED]
Sent: Sunday, July 02, 2006 9:46 PM
To: Nir Barkan
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba and trusted domains
you should do something like
idmap backend = "MYDOMAIN=10000-19999,TRUSTEDDOMAINNAME=20000-100000000"
as i already wrote in a posting before. this won't work with idmap_rid,
but with all other backend.
i think you can stay with "winbind trusted domains only".
you should also run winbindd in interactive mode and debug level 3.
then you should see something like "init idmap backend for DOMAIN
MYDOMAIN, init idmap backend for DOMAIN TRUSTEDDOMAINNAME"
greez
Nir Barkan wrote:
Id test1 not working
Wbinfo -u return DomainName username (EUROPE test1)
The user is from trusted domain
I defined idmap uid = 10000-2000 and idmap gid = 10000-20000 on my
smb.conf, Do I need to define something more?
Thanks,
Nir
-----Original Message-----
From: Michael Gasch [mailto:[EMAIL PROTECTED]
Sent: Friday, June 30, 2006 4:12 PM
To: Nir Barkan
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba and trusted domains
> Id test1 not working
but wbinfo -u shows it?
if so you have a problem with with mapping samba accounts to unix
accounts.
is it a user from a trusted domain (to get back to the thread title)?
> My dc is windows 2003 DC, do I need to install something on it?
no
greez
Nir Barkan wrote:
Id test1 not working
I tried without "winbind trusted domains only = Yes" and got the same
results.
My dc is windows 2003 DC, do I need to install something on it?
P.S
Thanks much for your help :-)
-----Original Message-----
From: Michael Gasch [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 29, 2006 1:19 PM
To: Nir Barkan
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba and trusted domains
"Id <username_from_local_domain_without_prefix_domainname" give me the
user
uid and gid.
good
some further questions:
- does "id test1" work?
- why did you set "winbind trusted domains only = Yes"
for trusted domains to work, you have to use winbind on your DC.
furthermore on each member server you have to specify an idmap range for
each domain, like
idmap backend = "MYDOMAIN=10000-19999,TRUSTEDDOMAIN=20000-100000000"
greez
--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT Staff)
Deutscher Platz 6
D-04103 Leipzig
Germany
Phone: 49 (0)341 - 3550 137
49 (0)341 - 3550 374
Fax: 49 (0)341 - 3550 399
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
