Krampus 07-09-2013

Running Samba/Winbind with two domains
First: I'm not a Linux administrator, and I don't know what I don't know (if you know what I mean).

We have this server here at work, named FAXSERVER, running the Red Hat Enterprise Linux ES release 3 (Taroon Update 8) distro, along with Samba version 3.0.9-1.3E.12. The directory /home/faxes/ is shared out to our domain via Samba/Winbind.

This is primarily a Windows network. Windows domain controller, etc. I'm on this primary domain (DOMAIN1). And there is another domain. It's a trusted domain (DOMAIN2). I want users authenticating to DOMAIN2 to be able to access /home/faxes/ on this server as well. I can't seem to be able to make it happen.

Here's what I've (clumsily) tried so far:


The permissions for /home/faxes/ are as follows: drwxrwsr-x 57 uucp 10001 4096 Jul 24 2012 faxes. Looks like everyone has read/execute permission, and the file owner and members of the file's group additionally have write permission.

There are currently three Samba users set up, according to /etc/samba/smbusers: root (mapped to 'administrator' and 'admin'), nobody (mapped to 'guest', 'pcguest', and 'smbguest'), and mike (mapped to 'mike').

The Samba configuration (location: /etc/samba/smb.conf) for /faxes/ is currently as follows:
comment = FAX faxes
writable = yes
printable = no
public = yes
guest ok = yes
create mask = 0665

Prior to me looking into it, the "guest ok" flag was set to no. I changed it to "yes" (since "public=yes" seems to make this redundant) and restarted the Samba service (service smb restart). It doesn't appear that this resolved the issue, but I wanted to try it.


The 'wbinfo -g' command gives me a list of all user groups, but they're all under DOMAIN1\*. There are no DOMAIN2\* groups listed.

The 'wbinfo -m' command gives me a list of all trusted domains: FAXSERVER, BUILTIN, and DOMAIN2. So DOMAIN2 is trusted by FAXSERVER.

I'm also able to query both DOMAIN1 and DOMAIN2 from FAXSERVER:

[root@faxserver home]# wbinfo -D DOMAIN1
Name : DOMAIN1
SID : S-1-3-59-7490224-282867100-4786781930
Active Directory : Yes
Native : Yes
Primary : Yes
Sequence : 62852289
[root@faxserver home]# wbinfo -D DOMAIN2
Name : DOMAIN2
Alt_Name :
SID : S-1-5-21-3827589627-1874523873-1381929582
Active Directory : No
Native : No
Primary : No
Sequence : -1

I don't really know what I'm doing. This is likely self-evident. Is it a matter of changing the "Active Directory" flag under DOMAIN2 from "No" to "Yes"? If so, how would I go about doing that?

Or is this an impossible task, and I'll just end up chasing my tail?

Ser Olmy 07-10-2013

It seems your Samba server is communicating properly with the DOMAIN1 domain, and is even able to see the trust. But none of that really matters, since it seems no users from either domain have any explicit rights on the share or the /home/faxes directory (unless getfacl /home/faxes returns something interesting).

Do you get any error messages when you try to access the share from a Windows computer in DOMAIN2? Does net view \\faxserver show the shares on the server? Does dir \\faxserver\sharename return an error message?

Any error messages in the Samba logs when you attempt to access the share?

Are you mapping unknown users or bad passwords to Guest in Samba?
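
Added example (not part of either post, and not Samba's own code): a small Python check that reads smb.conf text and reports which shares accept guest connections and whether 'map to guest' turns failed logins into guest sessions, which is the question asked in the reply above. The [faxes] section name and the [global] value in the sample are assumptions; the thread shows neither.

```python
# Constructed sample: share options from the first post; [faxes] and [global] are assumed.
SAMPLE_SMB_CONF = """\
[global]
    map to guest = Bad User
[faxes]
    comment = FAX faxes
    writable = yes
    printable = no
    public = yes
    guest ok = yes
    create mask = 0665
"""
YES, NO = {"yes", "true", "1"}, {"no", "false", "0"}
GUEST_MAPPINGS = {"bad user", "bad password", "bad uid"}  # anything but "never"


def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Parameter names ignore case and whitespace: "guest ok" == "GuestOK"
            current["".join(key.lower().split())] = value.strip().lower()
    return sections


def audit_guest_access(text):
    """Return {share: facts} for every share that allows guest connections."""
    conf = parse_smb_conf(text)
    mapping = conf.get("global", {}).get("maptoguest", "never")  # Samba default
    report = {}
    for share, opts in conf.items():
        # "public" is a synonym for "guest ok"
        if share == "global" or not {opts.get("guestok"), opts.get("public")} & YES:
            continue
        # "writable"/"writeable"/"write ok" are inverted synonyms of "read only"
        writable = bool({opts.get(k) for k in ("writable", "writeable", "writeok")} & YES)
        report[share] = {
            "map_to_guest": mapping,
            "failed_logins_become_guest": mapping in GUEST_MAPPINGS,
            "writable": writable or opts.get("readonly") in NO,
        }
    return report
```

The report covers only what smb.conf allows; the filesystem permissions and ACLs on the shared directory still decide what the guest account can actually read or write.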

