Hello,
I have a samba 3.6.1 (Debian testing) member server in a Windows 2K8 Domain
with the name DomaA. The DomA PDC trusts a second Win2K3 domain controller
responsible for DomB.
All users from DomA can access the samba server without problems.
Now I want to allow users from the trusted domain DomB to access the samba
server.
When a user tries to authenticate the smb/cifs login to the share fails,
I get the following winbind log in log.wb-DOMB
[2012/01/06 10:51:17.018523, 3]
libsmb/cliconnect.c:1840(cli_session_setup_spnego)
got principal=pdc$@DOMB
[2012/01/06 10:51:17.018673, 10]
libads/kerberos.c:191(kerberos_kinit_password_ext)
kerberos_kinit_password: as SAMBA-1$@NETTETAL.PIERBURG.LOCAL using
[MEMORY:cliconnect] as ccache and config [(null)]
[2012/01/06 10:51:18.553682, 3]
libsmb/cliconnect.c:1883(cli_session_setup_spnego)
cli_session_setup_spnego: using target hostname not SPNEGO principal
[2012/01/06 10:51:18.553770, 3]
libsmb/cliconnect.c:1927(cli_session_setup_spnego)
cli_session_setup_spnego: guessed server principal=cifs/pdc.DOMB@DOMB
[2012/01/06 10:51:18.553805, 2]
libsmb/cliconnect.c:1433(cli_session_setup_kerberos_send)
Doing kerberos session setup
[2012/01/06 10:51:19.058406, 1] libsmb/clikrb5.c:799(ads_krb5_mk_req)
ads_krb5_mk_req: smb_krb5_get_credentials failed for cifs/pdc.DOMB@DOMB
(Server not found in Kerberos database)
In my smb.conf I enabled:
allow trusted domains = yes
In my krb5.conf I configured:
DOMB = {
kdc = PDC@DOMB:88
admin_server = PDC@DOMB
default_domain = DOMB
}
Testing kinit works:
kinit username@DOMB is successfull.
So my question ist: am I missing something?
Thanks in advance for any help
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba