Greetings!
I'm having problems with winbind and interdomain trusts.
I've done a lot of searching on the topic and there appear to be a lot of folk
out there with the same problem, but not any solutions.
Environment is CentOS v5.6 with yumable samba3x-winbind-3.5.4-0.70 on x86_64.
Specifically, the host is joined (successfully) to A:
[ehvozda@AD-test samba]$ sudo wbinfo -t
checking the trust secret for domain A via RPC calls succeeded
[ehvozda@AD-test samba]$
A trusts B.
I can kinit and get valid tickets for principals in each, no problem.
winbind appears to see both A & B:
[ehvozda@AD-test samba]$ sudo wbinfo -u
A\administrator
A\guest
A\krbtgt
A\aselwyn
A\ehvozda
A\hvozdae
A\b$
B\administrator
B\guest
B\krbtgt
B\ehvozda
B\ehvozda_xxx
[ehvozda@AD-test samba]$
Users in A can authenticate via winbind:
[ehvozda@AD-test samba]$ sudo wbinfo -a A\\hvozdae
Enter A\hvozdae's password:
plaintext password authentication succeeded
Enter A\hvozdae's password:
challenge/response password authentication succeeded
[ehvozda@AD-test samba]$
Users in B cannot:
[ehvozda@AD-test samba]$ sudo wbinfo -a B\\ehvozda
Enter B\ehvozda's password:
plaintext password authentication failed
Could not authenticate user B\ehvozda with plaintext password
Enter B\ehvozda's password:
challenge/response password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user B\ehvozda with challenge/response
[ehvozda@AD-test samba]$
However, clearly the user exists (see above).
winbind sees the trust:
[ehvozda@AD-test samba]$ sudo wbinfo -m
BUILTIN
AD-TEST
A
B
[ehvozda@AD-test samba]$
However, for whatever reason, B is considered offline:
[ehvozda@AD-test samba]$ sudo wbinfo --online-status
BUILTIN : online
AD-TEST : online
A : online
B : offline
[ehvozda@AD-test samba]$
Cranking debug level = 10 does not show anything obvious.
A few questions:
* Are interdomain trusts working in v3.5.4?
* Is there specific documentation or a recipe that works for folk?
* What are some debugging techniques I could try?
* Why is domain B offline?
I've included my smb.conf file below:
[global]
workgroup = A
realm = A.LOCAL
security = ads
idmap backend = tdb
idmap uid = 1000-9999
idmap gid = 1000-9999
idmap config A : backend = ad
idmap config A : range = 1000-2999
idmap config B : backend = ad
idmap config B : range = 3000-4999
template shell = /bin/false
winbind offline logon = false
log level = 10
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
passdb backend = tdbsam
load printers = yes
cups options = raw
[homes]
comment = Home Directories
browseable = no
writable = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes