Hi,

I have two Windows Domains, DOMA and DOMB. A Samba 3.6 Server is a member 
server in DOMA.
DOMA has a (unidirectional) trust relationship to DOMB.
Users from DOMB should be able to connect and authenticate at the Samba server.

The domain controller of DOMB has the IP 10.35.5.25.

During authentication of a DOMB user at a share I get the following log entries:

  get_dc_list: preferred server list: ", *"
[2013/01/10 11:24:59.816974,  3] libads/ldap.c:640(ads_connect)
  Successfully contacted LDAP server 10.35.5.25
[2013/01/10 11:24:59.818216,  3] libads/ldap.c:640(ads_connect)
  Successfully contacted LDAP server 10.35.5.25
[2013/01/10 11:24:59.819284,  3] libads/ldap.c:694(ads_connect)
  Connected to LDAP server dc01.domb
[2013/01/10 11:24:59.821064,  3] libads/sasl.c:869(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
[2013/01/10 11:24:59.821196,  3] libads/sasl.c:869(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
[2013/01/10 11:24:59.821296,  3] libads/sasl.c:869(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
[2013/01/10 11:24:59.821354,  3] libads/sasl.c:869(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
[2013/01/10 11:24:59.821478,  3] libads/sasl.c:878(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got server principal name = dc01$@DOMB
[2013/01/10 11:24:59.822188,  3] libsmb/clikrb5.c:787(ads_krb5_mk_req)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
Ignoring unknown parameter "idmap domains"
[2013/01/10 11:25:00.883025,  1] libsmb/clikrb5.c:799(ads_krb5_mk_req)
  ads_krb5_mk_req: smb_krb5_get_credentials failed for ldap/dc01.domb@DOMB (Server not found in Kerberos database)
[2013/01/10 11:25:00.883184,  0] libads/sasl.c:908(ads_sasl_spnego_bind)
  kinit succeeded but ads_sasl_spnego_krb5_bind failed: Server not found in Kerberos database
[2013/01/10 11:25:00.883536,  1] winbindd/idmap_ad.c:149(ad_idmap_cached_connection_internal)
  ad_idmap_cached_connection_internal: failed to connect to AD

First you have to know that the users can successfully authenticate to the 
samba server. But there are error messages in the log I don't understand, 
especially the "failed to connect to AD" error message.
Why is this AD connection to DOMB necessary? What exactly is the samba server 
trying to do with the DOMB domain controller?

Kind regards

Carsten

