I'm using Samba 4.1.6-Ubuntu in Ubuntu 14.04, for authenticating users from two domains with a one-way cross-forest trust between them. Samba machine is joined to DOMAINA, while DOMAINB is the trusted domain. My aim is to allow users from DOMAINA and DOMAINB to get authenticated in Samba machine.
If I run "wbinfo -u" or "wbinfo -g", only users and groups from DOMAINA get enumerated.
Thus, when I run "getent passwd", only local users and DOMAINA users get listed, and the same with "gentent group".
However, if I run "getent passwd DOMAINB+username", this entry appears:
DOMAINB+username:*:51276:50513::/home/username:/bin/bash
If I run "getent group DOMAINB+groupname", this entry appears:
DOMAINB+groupname:x:60860:
As you can see, member of DOMAINB+groupname (DOMAINB+username) doesn't appear.
Additional information, if it helps:
wbinfo -m BUILTIN COMPUTERNAME DOMAINA DOMAINB
wbinfo -i DOMAINB+username
DOMAINB+username:*:51276:50513::/home/username:/bin/bash
wbinfo --group-info=DOMAINB+groupname
DOMAINB+groupname:x:60860:
Here's a excerpt of my smb.conf:
security = ADS
domain master = no
idmap config * : backend = tdb
idmap config * : range = 1000000 - 1999999
idmap config DOMAINA : backend = rid
idmap config DOMAINA : range = 10000 - 49999
idmap config DOMAINB : backend = rid
idmap config DOMAINB : range = 50000 - 99999
allow trusted domains = yes
winbind trusted domains only = no
winbind use default domain = yes
map untrusted to domain = yes
template shell = /bin/bash
template homedir = /home/%U
winbind enum groups = yes
winbind nested groups = no
winbind expand groups = 2
winbind enum users = yes
winbind refresh tickets = yes
winbind separator = +
client use spnego = yes
Any help would be gratefully appreciated. Thanks!