Winbind works very well for most of the domains with which we have trusts. But for one domain, 'groups DOMAIN\user' returns only gid 0, and I see Kerberos errors in winbind logs:

[2008/01/31 13:51:12, 1] libsmb/clikrb5.c:ads_krb5_mk_req(602) ads_krb5_mk_req: 
krb5_get_credentials failed for [EMAIL PROTECTED] (Server  not found in 
Kerberos database)
[2008/01/31 13:51:12, 1] nsswitch/winbindd_ads.c:ads_cached_connection(128)  
ads_connect for domain THEIRDOMAIN failed: Server not found in Kerberos database
[2008/01/31 13:51:12, 1] nsswitch/winbindd_user.c:winbindd_dual_userinfo(152)  
error getting user info for sid S-1-[...]

Don McCall appears to have had the same problem:

http://lists.samba.org/archive/samba-technical/2007-February/051678.html

Jerry confirmed that a two-way trust is required between the domain that the winbind host belongs to and any trusted domains. Is there any workaround to this at all?

Is it perhaps possible to have winbind use credentials from the trusted domain to bind to the DC for looking up user information?

Thank you,

Ian Masterson
University of Washington Libraries
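
An added example, not part of the original post and not Samba code: a short Python script that rejoins the wrapped winbind debug records quoted in the message and lists each domain whose ads_connect failed, with the reason. The sample text is the excerpt from the message above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Header of a Samba debug record: "[date time, level] file:function(line)".
HEADER = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(\d+)\]\s+"
    r"(\S+?):(\w+)\((\d+)\)\s*(.*)$"
)
ADS_FAIL = re.compile(r"ads_connect for domain (\S+) failed: (.+)")

# Sample input: the log excerpt quoted in the post, unchanged.
SAMPLE = """\
[2008/01/31 13:51:12, 1] libsmb/clikrb5.c:ads_krb5_mk_req(602) ads_krb5_mk_req:
krb5_get_credentials failed for [EMAIL PROTECTED] (Server  not found in
Kerberos database)
[2008/01/31 13:51:12, 1] nsswitch/winbindd_ads.c:ads_cached_connection(128)
ads_connect for domain THEIRDOMAIN failed: Server not found in Kerberos database
[2008/01/31 13:51:12, 1] nsswitch/winbindd_user.c:winbindd_dual_userinfo(152)
error getting user info for sid S-1-[...]
"""

def records(text):
    """Rejoin wrapped lines into [timestamp, function, message] records."""
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if current:
                yield current
            current = [m.group(1), m.group(4), m.group(6).strip()]
        elif current and line.strip():
            # Continuation line: collapse whitespace and append to the message.
            current[2] = (current[2] + " " + " ".join(line.split())).strip()
    if current:
        yield current

def failed_domains(text):
    """Map each domain to the set of ads_connect failure reasons seen."""
    out = defaultdict(set)
    for _ts, func, msg in records(text):
        m = ADS_FAIL.search(msg)
        if func == "ads_cached_connection" and m:
            out[m.group(1)].add(m.group(2))
    return dict(out)

if __name__ == "__main__":
    for domain, reasons in failed_domains(SAMPLE).items():
        print(domain, "->", "; ".join(sorted(reasons)))
```
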



