Romain
2012-Dec-13 19:44 UTC
[Samba] logon Samba workstation domain with Active Directory trustdom account issue
Hello samba list, I'm close to be able to make this work but I just need a bit help. Here is the situation: - Windows 2008 R2 x64 Domain Controller: domain ES01 - Samba 3.4.3 Domain Controller:domain ES02 - Windows Seven Workstation (SSO4): on domain ES02 - Window Xp Workstation (SSO2): on domain ES01 We put a both side trust relationship and seems to work regarding command "net rpc trustdom list". *[root at localhost ~]# net rpc trustdom list* *Enter root's password:* *Trusted domains list:* * * *ES01 S-1-5-21-1816646249-803782145-3669927669* * * *Trusting domains list:* * * *ES01 S-1-5-21-1816646249-803782145-3669927669* Now, here is the issue: We can logon domain ES01 with Windows account from Windows Xp Workstation (normal use) We can logon domain ES01 with Samba account from Windows Xp Workstation (that's outgoing trust relationship's work) We can logon domain ES02 with samba account (pretty normal use) *We CAN'T logon domain ES02 with Windows Account (and unfortunatly, that's what we need to go further)* I join you all my configuration files and SS4 workstation log while I try to log with "tata" account from ES01 windows domain. As you can see in smb.conf, we tried some custom tricks to make winbind working... Hope you will give us a fresh idea that we didn't think about. Regards, Romain
Romain
2012-Dec-14 09:49 UTC
[Samba] logon Samba workstation domain with Active Directory trustdom account issue
Hi, I made a mistake, we have Samba 3.5.3. Can somebody help ? Regards, Romain 2012/12/13 Romain <gromly at gmail.com>> Hello samba list, > > I'm close to be able to make this work but I just need a bit help. Here is > the situation: > > - Windows 2008 R2 x64 Domain Controller: domain ES01 > > - Samba 3.4.3 Domain Controller:domain ES02 > > - Windows Seven Workstation (SSO4): on domain ES02 > > - Window Xp Workstation (SSO2): on domain ES01 > > We put a both side trust relationship and seems to work regarding command > "net rpc trustdom list". > > *[root at localhost ~]# net rpc trustdom list* > *Enter root's password:* > *Trusted domains list:* > * > * > *ES01 S-1-5-21-1816646249-803782145-3669927669* > * > * > *Trusting domains list:* > * > * > *ES01 S-1-5-21-1816646249-803782145-3669927669* > > > Now, here is the issue: > > We can logon domain ES01 with Windows account from Windows Xp Workstation > (normal use) > We can logon domain ES01 with Samba account from Windows Xp Workstation > (that's outgoing trust relationship's work) > We can logon domain ES02 with samba account (pretty normal use) > *We CAN'T logon domain ES02 with Windows Account (and unfortunatly, > that's what we need to go further)* > > I join you all my configuration files and SS4 workstation log while I try > to log with "tata" account from ES01 windows domain. > > As you can see in smb.conf, we tried some custom tricks to make winbind > working... > > Hope you will give us a fresh idea that we didn't think about. > > Regards, > Romain >