thr3ads.net - samba - [Samba] Accessing shares from 2 domains [Nov 2008]

If this information is useful, please help other people find it:
Share via:

Jason x

2008-Nov-21 15:54 UTC

[Samba] Accessing shares from 2 domains

We are splitting our users into 2 domains(DOMAINA and DOMAINB (changed for
security reason)). I am having problems getting users who log into their
workstation on DOMAINA to access a samba share on DOMAINB. We are using W2K3
servers as our AD with LDAP. Samba shares on are CentOS5.1 servers. I Can anyone
point me to some docs on how to set this up? I have been rumbling through google
for the past 2 weeks and haven't found very many links that have been
helpful.

We have set up interdomain trusts on the Windows side. 

When I try to access a samba share from a windows box on DOMAINA to a samba
share on DOMAINB I get this in the samba log:

[2008/11/20 09:53:18, 1] auth/auth.c:check_domain_match(172)
  check_domain_match: Attempt to connect as user username from domain DOMAINA
denied


When I do a wbinfo -m both domains are listed.
 wbinfo -m
DOMAINA
DOMAINB


wbinfo --sequence
DOMAINA : DISCONNECTED
DOMAINB : 82408



smb.conf
workgroup = DOMAINB

security = ads

realm = DOMAINB.COM

allow trusted domains = no
rid:DOMAINB=10000-100000000idmap uid = 10000-100000000
idmap gid = 10000-100000000
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = no
winbind use default domain = yes
winbind separator = +
template shell = /bin/bash
template homedir = /home/%U



krb5.conf
[libdefaults]
    default_realm = DOMAINB.COM

[realms]
    DOMAINB.COM = {
        admin_server = servername.domainb.com
        kdc = servername.domainb.com
    }

    DOMAINA.COM = {
        admin_server = servername.domaina.com
        kdc = servername.domaina.com
        kdc = servername2.domaina.com
    }
[domain_realms]
    .domainb.com = DOMAINB.COM
    domainb.com = DOMAINB.COM

    .domaina = DOMAINA.COM
    domaina.com = DOMAINA.COM
    .kerberos.server = DOMAINA.COM




nsswitch.conf

passwd: files winbind
shadow: files winbind
group: files winbind
protocols: files winbind
services: files winbind
netgroup: files winbind
automount: files winbind


hosts:      files dns wins



Thanks in advanced!

j



_________________________________________________________________
Windows Live Hotmail now works up to 70% faster.
http://windowslive.com/Explore/Hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_faster_112008

Seemingly Similar Threads

Search for more seemingly similar threads

samba - Nov 2008 - Accessing shares from 2 domains

[Samba] Accessing shares from 2 domains

Seemingly Similar Threads

Wisdom of the Ancients