Greetings, We are currently experiencing logon problems with a trusted domain user(s).
Example: We have DomainA and DomainB DomainA and DomainB both have workstations joined on their respective domain. DomainA and DomainB both have trust relationships. DomainA trusts DomainB and vise versa. DomainA is where being served by a Samba PDC, while DomainB has a PDC using Windows NT 4.0 Server When users from DomainA logs in to DomainA using the workstation joined under DomainA and/or DomainB, they can login without any problems. The problem occurs when users from DomainB logs in to a workstation joined under DomainA. The logon script is not executed and the user profile is not loaded. This problem does not occur when users logs in from DomainB workstations. (their logon script is executed and profiles are loaded properly) -We've checked that DomainB user can access the netlogon share from the workstation (DomainA). Running it manually works. -We've checked that DomainB user can access the profile share from the workstation (DomainA). -Tried different user and workstation but still same problems. -We've tried updating samba to 3.0.28 but still same problem (we went back to 3.0.23c please see reason below). -Tried searching the net for same issue and tried some solutions, but still did not work. -Tried looking at log files, but could not find obvious errors. The Samba version were using is 3.0.23c The server is running CentOS 5.1 x86_64 version. The original Samba version (3.0.25b) which came with the distro had some problems. Changing passwords from Windows does not seem to fix it. Downgrading to 3.0.23c seems to work. If posting of the log files is needed, please tell us which log file to look/post. Thank you very much for taking time to read this post. Regards, Jay Below is our smb.conf file ========================================= [global] netbios name = aphrodite workgroup = RLDP_DESIGN3A server string = "" security = user passdb backend = ldapsam:ldap://ldapserver enable privileges = yes encrypt passwords = yes allow trusted domains = yes host msdfs = no browse list = true os level = 65 preferred master = yes domain master = yes local master = yes domain logons = yes logon path = \\%L\profiles\%U logon drive = G: logon home = \\%L\home\%U logon script = default.bat log level = 3 log file = /var/log/samba/%m.log max log size = 100 wins server = 192.168.3.2 dns proxy = no name resolve order = wins host bcast ldap suffix = dc=design3,dc=rldp,dc=com ldap machine suffix = ou=computers ldap user suffix = ou=People ldap group suffix = ou=group ldap idmap suffix = ou=idmap ldap admin dn = cn=root,dc=design3,dc=rldp,dc=com ldap passwd sync = only idmap backend = ldap:ldap://ldapserver idmap uid = 50000-65000 idmap gid = 50000-65000 template shell = /bin/bash winbind use default domain = no add user script = /opt/smbldap-tools/smbldap-useradd -m "%u" delete user script = /opt/smbldap-tools/smbldap-userdel "%u" add group script = /opt/smbldap-tools/smbldap-groupadd -p "%g" delete group script = /opt/smbldap-tools/smbldap-groupdel "%g" add user to group script = /opt/smbldap-tools/smbldap-groupmod -m "%u" "%g" delete user from group script = /opt/smbldap-tools/smbldap-groupmod -x "%u" "%g" set primary group script = /opt/smbldap-tools/smbldap-usermod -g "%g" "%u" add machine script = /opt/smbldap-tools/smbldap-useradd -w "%u" printer admin = administrator #============================ Share Definitions ============================== [netlogon] path = /smbshare/netlogon read only = yes [profiles] path = /smbshare/profile read only = no create mask = 0600 directory mask = 0700 [profiled] path = /smbshare/profile_data read only = no create mask = 0600 directory mask = 0700 [home] path = /smbshare/home read only = no create mask = 0600 directory mask = 0700 [teamd3] path = /smbshare/workdir read only = no create mask = 0660 directory mask = 0770 # NOTE: If you have a BSD-style print system there is no need to # specifically define each individual printer [printers] comment = All Printers path = /var/spool/samba browseable = no # Set public = yes to allow user 'guest account' to print guest ok = no writable = no printable = yes [print$] path = /smbshare/print_drivers browseable = yes guest ok = no read only = yes write list = administrator -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba