-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [EMAIL PROTECTED] wrote: | I 've spent the last week troubleshooting a configuration issue regarding | samba not being able to connect to other domains beside the domain of which | it 's a member server (samba 3.0.14a, krb 1.3.6, w2k). | | I have some doubts perhaps someone can answer... | | Suppose this scenario: | | Samba name : SAMBA | Main domain: DOMAINA (domain controller = DCA) | Others domains : DOMAINB, DOMAINC (domain controllers DCB y DCC) | | | 1) When samba tries to connect via kerberos to others | domains, which principal is supposed to use? I 'd think | it is [EMAIL PROTECTED] What I see is that it first connects | via LDAP using this machine account but then tries to connect | via kerberos with [EMAIL PROTECTED] or [EMAIL PROTECTED] Is this | correct or I am not understanding the logfiles correctly?
It should be obtaining a service for [EMAIL PROTECTED] That's probably what you are seeing. | 2) Is wbinfo --set-auth-user still needed? I 'm not using | it because I read somewhere that with 3.0+ is not needed | anymore. Generally it is not needed. Certainly not when all the domains are AD and the Samba host is configured with 'security = ads'. | 3) My krb5.conf doesn 't contain any references to | servers. All it contains is dns_lookup_realm=true, | dns_lookup_kdc=true and default_realm=XXXXX. Do I | need anything specific or current krb5 can obtain everything | it needs from the DNS? DNS is fine. That's how I run. Make sure that the appropriate SRV records are in DNS though. | 4) Do I need to do the ktpass thing at the windows DC? Nope. It is all handled by the AD trusts. Hope this helps. cheers, jerry ===================================================================== Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCy9eZIR7qMdg1EfYRAqisAJ9rX1cPqnc6nFsiaOrWlzdpySPThgCg5Sr8 WYhFbq5OfcZc37LNf/Nva+U= =ESfW -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
