Roger Roden
2008-Sep-19 04:20 UTC
[Samba] Can't authenticate users from both domains in forest
I have 2 domains in my forest. I need to allow users from both DomA (the
forest root and the domain the server is joined to) and DomB to log in. All
works fine with DomA, but no one from DomB can log in.
wbinfo --domain=DOMB -u returns error looking up domain users.
wbinfo -D DOMB returns the following:
Name : DOMB
Alt_Name : DOMB.local
SID : S-1-5-21-1846896199-2149236580-2910475250
Active Directory : No
Native : No
Primary : No
Sequence : -1
I can get a Kerberos ticket from DomB.
Here is my smb.conf:
----------------------------------------------------------------------------------------------------------------------------
[global]
#--authconfig--start-line--
# Generated by authconfig on 2008/09/17 12:52:21
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future
workgroup = DOMA
password server = ad01.doma.local
realm = DOMA.LOCAL
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
template homedir = /home/%U
winbind use default domain = false
winbind offline logon = false
#--authconfig--end-line--
log level = 3
server string = Samba Server Version %v
client use spnego = yes
passdb backend = tdbsam
wins server = AN.I.P.ADDRESS
cups options = raw
-----------------------------------------------------------------------------------------------------------
I'm running CentOS 5 and Samba 3.0.28. All AD Servers are 2003 R2.
Thanks
