Hi, Did somebody already make a two-way trust relationship between Samba 3 and AD ?
When I try to access to Samba share with AD account, I've got this: [2012/12/16 23:00:26.146090, 5] auth/auth.c:268(check_ntlm_password) check_ntlm_password: winbind authentication for user [tata] FAILED with error NT_STATUS_NO_SUCH_USER [2012/12/16 23:00:26.146123, 2] auth/auth.c:314(check_ntlm_password) check_ntlm_password: Authentication for user [tata] -> [tata] FAILED with error NT_STATUS_NO_SUCH_USER but trust domain seems to be ok: Trusted domains list: ES01 S-1-5-21-1816646249-803782145-3669927669 Trusting domains list: ES01 S-1-5-21-1816646249-803782145-3669927669 and when I try to access samba share with the Administrator account that I create both side with same passwd, I've got this: [2012/12/16 22:57:22.701841, 1] rpc_server/srv_pipe_hnd.c:1602(serverinfo_to_SamInfo_base) _netr_LogonSamLogon: user ES01\Administrator has user sid S-1-5-21-1816646249-803782145-3669927669-500 but group sid S-1-5-21-3405883886-2425668597-4100599511-513. The conflicting domain portions are not supported for NETLOGON calls and winfo doesn't seem to work, it should list all trusted users, no ? # wbinfo -u root nobody smb3user administrator Regards, Romain 2012/12/15 Romain <[email protected]> > Hello list, > > Sorry to top again but do we need Kerberos on Samba server to make this > work ? > > Regards, > > > 2012/12/14 Romain <[email protected]> > >> Hi, >> >> I made a mistake, we have Samba 3.5.3. >> >> Can somebody help ? >> >> Regards, >> Romain >> >> >> 2012/12/13 Romain <[email protected]> >> >>> Hello samba list, >>> >>> I'm close to be able to make this work but I just need a bit help. Here >>> is the situation: >>> >>> - Windows 2008 R2 x64 Domain Controller: domain ES01 >>> >>> - Samba 3.4.3 Domain Controller:domain ES02 >>> >>> - Windows Seven Workstation (SSO4): on domain ES02 >>> >>> - Window Xp Workstation (SSO2): on domain ES01 >>> >>> We put a both side trust relationship and seems to work regarding >>> command "net rpc trustdom list". >>> >>> *[root@localhost ~]# net rpc trustdom list* >>> *Enter root's password:* >>> *Trusted domains list:* >>> * >>> * >>> *ES01 S-1-5-21-1816646249-803782145-3669927669* >>> * >>> * >>> *Trusting domains list:* >>> * >>> * >>> *ES01 S-1-5-21-1816646249-803782145-3669927669* >>> >>> >>> Now, here is the issue: >>> >>> We can logon domain ES01 with Windows account from Windows Xp >>> Workstation (normal use) >>> We can logon domain ES01 with Samba account from Windows Xp Workstation >>> (that's outgoing trust relationship's work) >>> We can logon domain ES02 with samba account (pretty normal use) >>> *We CAN'T logon domain ES02 with Windows Account (and unfortunatly, >>> that's what we need to go further)* >>> >>> I join you all my configuration files and SS4 workstation log while I >>> try to log with "tata" account from ES01 windows domain. >>> >>> As you can see in smb.conf, we tried some custom tricks to make winbind >>> working... >>> >>> Hope you will give us a fresh idea that we didn't think about. >>> >>> Regards, >>> Romain >>> >> >> > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
