Is anyone using interdomain trusts at all...?

On Aug 18, 2011, at 1:57 PM, "Eric S. Hvozda" <[email protected]> wrote:
> Greetings!
>
> I'm having problems with winbind and interdomain trusts.
>
> I've done a lot of searching on the topic and there appear to be a lot of folk
> out there with the same problem, but not any solutions.
>
> Environment is CentOS v5.6 with yumable samba3x-winbind-3.5.4-0.70 on x86_64.
>
> Specifically, the host is joined (successfully) to A:
>
> [ehvozda@AD-test samba]$ sudo wbinfo -t
> checking the trust secret for domain A via RPC calls succeeded
> [ehvozda@AD-test samba]$
>
> A trusts B.
>
> I can kinit and get valid tickets for principals in each, no problem.
>
> winbind appears to see both A & B:
>
> [ehvozda@AD-test samba]$ sudo wbinfo -u
> A\administrator
> A\guest
> A\krbtgt
> A\aselwyn
> A\ehvozda
> A\hvozdae
> A\b$
> B\administrator
> B\guest
> B\krbtgt
> B\ehvozda
> B\ehvozda_xxx
> [ehvozda@AD-test samba]$
>
> Users in A can authenticate via winbind:
>
> [ehvozda@AD-test samba]$ sudo wbinfo -a A\\hvozdae
> Enter A\hvozdae's password:
> plaintext password authentication succeeded
> Enter A\hvozdae's password:
> challenge/response password authentication succeeded
> [ehvozda@AD-test samba]$
>
> Users in B cannot.
>
> [ehvozda@AD-test samba]$ sudo wbinfo -a B\\ehvozda
> Enter B\ehvozda's password:
> plaintext password authentication failed
> Could not authenticate user B\ehvozda with plaintext password
> Enter B\ehvozda's password:
> challenge/response password authentication failed
> error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
> error messsage was: No such user
> Could not authenticate user B\ehvozda with challenge/response
> [ehvozda@AD-test samba]$
>
> However, clearly the user exists (see above).
>
> winbind sees the trust:
>
> [ehvozda@AD-test samba]$ sudo wbinfo -m
> BUILTIN
> AD-TEST
> A
> B
> [ehvozda@AD-test samba]$
>
> However, for whatever reason, B is considered offline:
>
> [ehvozda@AD-test samba]$ sudo wbinfo --online-status
> BUILTIN : online
> AD-TEST : online
> A : online
> B : offline
> [ehvozda@AD-test samba]$
>
> Cranking debug level = 10 does not show anything obvious.
>
> A few questions:
>
> * Are interdomain trusts working in v3.5.4?
> * Is there specific documentation or a recipe that works for folk?
> * What are some debugging techniques I could try?
> * Why is domain B offline?
>
> I've included my smb.conf file below:
>
> [global]
> workgroup = A
> realm = A.LOCAL
> security = ads
> idmap backend = tdb
> idmap uid = 1000-9999
> idmap gid = 1000-9999
> idmap config A : backend = ad
> idmap config A : range = 1000-2999
> idmap config B : backend = ad
> idmap config B : range = 3000-4999
> template shell = /bin/false
> winbind offline logon = false
> log level = 10
>
> server string = Samba Server Version %v
>
> log file = /var/log/samba/log.%m
> max log size = 50
>
> passdb backend = tdbsam
>
> load printers = yes
> cups options = raw
>
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> browseable = no
> guest ok = no
> writable = no
> printable = yes
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
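
The state described in the quoted message (a trusted domain whose accounts appear in `wbinfo -u` while `wbinfo --online-status` reports it offline) can be checked mechanically. The script below is an added example, not part of the original post or of Samba; the function names are hypothetical and the sample text is constructed from the output quoted above.

```shell
# Added example: report trusted domains that winbind enumerates accounts for
# but does not consider online. Sample text is constructed from the quoted output;
# on a live host use $(wbinfo -m), $(wbinfo --online-status), $(wbinfo -u).
DOMAINS='BUILTIN
AD-TEST
A
B'
STATUS='BUILTIN : online
AD-TEST : online
A : online
B : offline'
USERS='A\administrator
A\hvozdae
B\administrator
B\ehvozda'

# domain_status DOMAIN: print "online", "offline", or "unknown" if not listed.
domain_status() {
    printf '%s\n' "$STATUS" | awk -F' *: *' -v d="$1" '
        $1 == d { print $2; found = 1 }
        END     { if (!found) print "unknown" }'
}

# user_count DOMAIN: count enumerated accounts carrying the DOMAIN\ prefix.
user_count() {
    n=0
    while IFS= read -r line; do
        case $line in
            "$1"\\*) n=$((n + 1)) ;;
        esac
    done <<EOF
$USERS
EOF
    echo "$n"
}

# inconsistent_domains: one line per domain that has accounts but is not online.
inconsistent_domains() {
    printf '%s\n' "$DOMAINS" | while IFS= read -r dom; do
        [ -n "$dom" ] || continue
        st=$(domain_status "$dom")
        cnt=$(user_count "$dom")
        if [ "$st" != online ] && [ "$cnt" -gt 0 ]; then
            printf '%s status=%s enumerated_users=%s\n' "$dom" "$st" "$cnt"
        fi
    done
}

inconsistent_domains
```

On the sample data only B is reported, because BUILTIN and AD-TEST have no enumerated accounts and A is online.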
