Everyone,

I am trying to connect my server to another AD domain, but it will not make the connection. I have successfully joined it to one domain in AD and I want it to authenticate users from another domain in the same tree. When I run the command wbinfo -sequence, I get disconnected messages for all the domains except my home domain. I have my krb5.conf file configured exactly as I do on another server that works perfectly. Can anyone point me to my problem?

Here is a small piece of the log.wb-EU file...

[2006/09/27 08:47:37, 5] nsswitch/winbindd_cm.c:set_dc_type_and_flags(870)
  set_dc_type_and_flags: Could not open a connection to EU: (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)
[2006/09/27 08:47:37, 10] nsswitch/winbindd_cache.c:cache_store_response(1493)
  Storing response for pid 7561, len 1300
[2006/09/27 08:47:37, 10] nsswitch/winbindd_dual.c:dual_client_read(53)
  client_read: read 1828 bytes. Need 0 more for a full request.
[2006/09/27 08:47:37, 4] nsswitch/winbindd_dual.c:fork_domain_child(479)
  child daemon request 32
[2006/09/27 08:47:37, 10] nsswitch/winbindd_dual.c:child_process_request(352)
  process_request: request fn SHOW_SEQUENCE
[2006/09/27 08:47:37, 3] nsswitch/winbindd_misc.c:winbindd_dual_show_sequence(331)
  [ 7556]: show sequence
[2006/09/27 08:47:37, 5] nsswitch/winbindd_cache.c:get_cache(137)
  get_cache: Setting MS-RPC methods for domain EU
[2006/09/27 08:47:37, 10] nsswitch/winbindd_cache.c:fetch_cache_seqnum(276)
  fetch_cache_seqnum: invalid data size key [SEQNUM/EU]
[2006/09/27 08:47:37, 10] nsswitch/winbindd_rpc.c:sequence_number(749)
  rpc: fetch sequence_number for EU
[2006/09/27 08:47:37, 8] nsswitch/winbindd_cm.c:connection_ok(806)
  Connection to for domain EU has NULL cli!
[2006/09/27 08:47:39, 10] nsswitch/winbindd_cache.c:store_cache_seqnum(329)
  store_cache_seqnum: success [EU][4294967295 @ 1159372059]
[2006/09/27 08:47:39, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(387)
  refresh_sequence_number: EU seq number is now -1
[2006/09/27 08:47:39, 10] nsswitch/winbindd_cache.c:cache_store_response(1493)
  Storing response for pid 7561, len 1300
[2006/09/27 08:49:52, 10] nsswitch/winbindd_dual.c:dual_client_read(53)
  client_read: read 1828 bytes. Need 0 more for a full request.
[2006/09/27 08:49:52, 4] nsswitch/winbindd_dual.c:fork_domain_child(479)
  child daemon request 32
[2006/09/27 08:49:52, 10] nsswitch/winbindd_dual.c:child_process_request(352)
  process_request: request fn SHOW_SEQUENCE
[2006/09/27 08:49:52, 3] nsswitch/winbindd_misc.c:winbindd_dual_show_sequence(331)
  [ 7556]: show sequence
[2006/09/27 08:49:52, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(359)
  refresh_sequence_number: EU time ok
[2006/09/27 08:49:52, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(387)
  refresh_sequence_number: EU seq number is now -1
[2006/09/27 08:49:52, 10] nsswitch/winbindd_cache.c:cache_store_response(1493)
  Storing response for pid 7561, len 1300

Thanks,
Ron

Felipe Augusto van de Wiel
2006-Oct-03 13:49 UTC
[Samba] Cannot connect to other domains...

On 09/27/2006 12:51 PM, Trimble, Ronald D wrote:
> Everyone,
>
> I am trying to connect my server to another AD domain, but
> it will not make the connection. I have successfully joined it to one
> domain in AD and I want it to authenticate users from another domain in
> the same tree. When I run the command wbinfo -sequence, I get
> disconnected messages for all the domains except my home domain. I have
> my krb5.conf file configured exactly as I do on another server that
> works perfectly. Can anyone point me to my problem?

You have three two domains? You are joined in domain1 and you want to auth users from domain2? The trust relationship should be made on the PDC, and judging by this error:

> set_dc_type_and_flags: Could not open a connection to EU:
> (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)

I would say that something is happening with the PDC configuration, IMHO, the best way to try to help you is to outline the steps you have made to achieve your actual setup and also send your smb.conf for reference.

> Here is a small piece of the log.wb-EU file...
[...]
> Thanks,
> Ron

Kind regards,
-- 
Felipe Augusto van de Wiel <felipe@paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/
Phone: (+55 41 3350 3300)
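
A small triage script for the winbindd log excerpt in the original post, added here as an example (it is not part of either message and is not Samba code): it parses entries in the two-line layout winbindd writes and reports domains that logged an NT_STATUS connection error or stored the sequence number 4294967295, which the same log then reports as -1. The sample log is constructed from lines quoted in the thread, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: entries quoted in the thread, in header + indented-message layout.
SAMPLE_LOG = """\
[2006/09/27 08:47:37, 5] nsswitch/winbindd_cm.c:set_dc_type_and_flags(870)
  set_dc_type_and_flags: Could not open a connection to EU: (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)
[2006/09/27 08:47:37, 8] nsswitch/winbindd_cm.c:connection_ok(806)
  Connection to for domain EU has NULL cli!
[2006/09/27 08:47:39, 10] nsswitch/winbindd_cache.c:store_cache_seqnum(329)
  store_cache_seqnum: success [EU][4294967295 @ 1159372059]
[2006/09/27 08:49:52, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(387)
  refresh_sequence_number: EU seq number is now -1
"""

HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:]+),\s*(?P<level>\d+)\]\s+(?P<src>\S+)\(\d+\)\s*$")
NT_STATUS = re.compile(r"Could not open a connection to (\S+): \((NT_STATUS_\w+)\)")
NULL_CLI = re.compile(r"for domain (\S+) has NULL cli")
SEQNUM = re.compile(r"store_cache_seqnum: success \[(\S+?)\]\[(\d+) @ \d+\]")
NO_SEQUENCE = 0xFFFFFFFF  # 4294967295; the log above prints the same value as -1

def parse_entries(text):
    """Yield (timestamp, level, source, message) for each header line and its message."""
    current = None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            if current:
                yield tuple(current)
            current = [m["ts"], int(m["level"]), m["src"], ""]
        elif current is not None:
            current[3] = (current[3] + " " + raw.strip()).strip()
    if current:
        yield tuple(current)

def summarize(text):
    """Per domain: NT_STATUS codes seen, NULL-connection count, last stored sequence number."""
    out = defaultdict(lambda: {"status": set(), "null_cli": 0, "seq": None})
    for _ts, _level, _src, msg in parse_entries(text):
        if (m := NT_STATUS.search(msg)):
            out[m[1]]["status"].add(m[2])
        if (m := NULL_CLI.search(msg)):
            out[m[1]]["null_cli"] += 1
        if (m := SEQNUM.search(msg)):
            out[m[1]]["seq"] = int(m[2])
    return dict(out)

def disconnected_domains(text):
    """Domains with a connection error or a stored sequence number of 4294967295."""
    return sorted(d for d, s in summarize(text).items() if s["status"] or s["seq"] == NO_SEQUENCE)
```

Running `disconnected_domains()` over each `log.wb-<DOMAIN>` file gives a quick per-domain view of which trusted domains winbindd never reached and which status code it logged for them.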