I have IPA domain with AD trust. AD userc can login in IPA computers. getent passwd ad_user@ad_domain and id ad_user@ad_domain I can login via ssh with kerberos ticket for ad_user@ad_domain
I setup SAMBA for this article https://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA kinit ad_user@ad_domain smbclient -k -L sambatest.ipa.domain smbclient -k //sambatest.ipa.domain It works. \\sambatest.ipa.domain from AD domain controllers works. But from other AD domain server (not controller) - not works. There are login and password request If i use ad_user@ad_domain and his password i get "There are currently no logon servers available to service the logon request" In samba logs: name_resolve_bcast: Attempting broadcast lookup for name IPA<0x1c> [2018/01/10 00:02:34.419279, 4] ../source3/libsmb/namequery.c:3193(get_dc_list) get_dc_list: no servers found [2018/01/10 00:02:34.419330, 3] ../source3/libsmb/namequery_dc.c:175(rpc_dc_name) Could not look up dc's for domain IPA [2018/01/10 00:02:34.419340, 5] ../source3/auth/auth_domain.c:298(check_ntdomain_security) check_ntdomain_security: unable to locate a DC for domain [2018/01/10 00:02:34.419349, 5] ../source3/auth/auth.c:252(auth_check_ntlm_password) check_ntlm_password: winbind authentication for user [ad_user@ad_domain] FAILED with error NT_STATUS_NO_L OGON_SERVERS [2018/01/10 00:02:34.419360, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password) check_ntlm_password: Authentication for user [ad_user@ad_domain] -> [ad_user@ad_domain] FAI LED with error NT_STATUS_NO_LOGON_SERVERS [2018/01/10 00:02:34.419370, 5] ../source3/auth/auth_ntlmssp.c:188(auth3_check_password) Checking NTLMSSP password for \ad_user@ad_domain failed: NT_STATUS_NO_LOGON_SERVERS [2018/01/10 00:02:34.419392, 5] ../auth/ntlmssp/ntlmssp_server.c:737(ntlmssp_server_check_password) ../auth/ntlmssp/ntlmssp_server.c:737: Checking NTLMSSP password for \ad_user@ad_domain failed: NT_STATUS_ NO_LOGON_SERVERS [2018/01/10 00:02:34.419405, 2] ../auth/gensec/spnego.c:768(gensec_spnego_server_negTokenTarg) SPNEGO login failed: NT_STATUS_NO_LOGON_SERVERS Aftrer AD controller reboot \\sambatest.ipa.domain stops work on controller When i check relationship in Domain and Trust it works again. IPA server name is DC AD controller name is AD What's wrong? -- С уважением, Николай. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org