1. Forum
  2. Usenet
  3. LINUX.SAMBA

  • [Samba] Share files to users from two domains with winbind

    From edson via samba@21:1/5 to All on Sun Mar 19 23:00:02 2017
    Hello.

    I need the file server to authenticate users from two domains. Of DOMAINA
    that the file server has joined and users of DOMAINB that maintains a trust relationship with DOMAINA.

    I have two domain forests (DOMAINE and DOMAINB), and a trust relationship exists between both. DOMAINA servers are running with samba version 4.5
    (with CentOS 7 system) the DOMAINB server is running with windows server 2012R2.

    I use winbind on the file server (with CentOS 7) and samba version 4.4.4. I
    can access shares by logging on to DOMAINA users.

    But when I try to access the shares with DOMAINB users from DOMAINA workstations, I have permission denied.

    Follows the contents of the smb.conf file.

    [global]
    WORKGROUP = DOMAINE
    Realm = DOMAINA.COM
    Netbios name = FILESERVER
    Security = ads
    Log level = 3
    Log file = /var/log/samba/log.all
    Max log size = 4000
    Domain master = no
    Local master = no
    Idmap config *: backend = tdb
    Idmap config *: range = 1500-1000000
    Idmap config DOMAINA: backend = rid
    Idmap config DOMAINA: range = 2000000-6000000
    Idmap config DOMAINA: backend = rid
    Idmap config DOMAINA: range = 6000001-9000000
    # Winbind Configurations #
    Winbind enum users = NO
    Winbind enum groups = NO
    Winbind refresh tickets = yes
    Winbind reconnect delay = 60
    Winbind nested groups = yes
    Winbind expand groups = 10
    # Winbind connections #
    Winbind max domain connections = 15
    Winbind max clients = 200
    # Configurations cache #
    Winbind cache time = 180
    Winbind offline logon = NO
    # Template Configurations #
    Winbind nss info = template
    Template homedir = / home /% D /% U
    Template shell = / bin / false


    [Board]
    Path = / mnt / samba / directory
    Read only = No


    When I run the command the users are displayed:

    Wbinfo -u --domain = DOMAINB

    But when I run the following two commands the users and groups of the
    DOMAINB that is maintained the trust is not displayed.

    Getent passwd DOMAINB \\ administrator
    Getent group DOMAINB \\ financial

    But the /etc/nsswitch.conf file is configured correctly to use winbind.

    How can i make winbind work with two domains?

    Can someone please help me?

    --
    Att,

    Edson Oliveira
    --
    To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)