Carsten Maul
2013-Jan-10 10:53 UTC
[Samba] Samba member server and trusted domains question
Hi,

I have two Windows Domains, DOMA and DOMB. A Samba 3.6 Server is a member server in DOMA. DOMA has a (unidirectional) trust relationship to DOMB. Users from DOMB should be able to connect and authenticate at the Samba server. The domain controller of DOMB has the IP 10.35.5.25.

During authentication of a DOMB user at a share I get the following log entries:

get_dc_list: preferred server list: ", *"
[2013/01/10 11:24:59.816974, 3] libads/ldap.c:640(ads_connect)
  Successfully contacted LDAP server 10.35.5.25
[2013/01/10 11:24:59.818216, 3] libads/ldap.c:640(ads_connect)
  Successfully contacted LDAP server 10.35.5.25
[2013/01/10 11:24:59.819284, 3] libads/ldap.c:694(ads_connect)
  Connected to LDAP server dc01.domb
[2013/01/10 11:24:59.821064, 3] libads/sasl.c:869(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
[2013/01/10 11:24:59.821196, 3] libads/sasl.c:869(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
[2013/01/10 11:24:59.821296, 3] libads/sasl.c:869(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
[2013/01/10 11:24:59.821354, 3] libads/sasl.c:869(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
[2013/01/10 11:24:59.821478, 3] libads/sasl.c:878(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got server principal name = dc01$@DOMB
[2013/01/10 11:24:59.822188, 3] libsmb/clikrb5.c:787(ads_krb5_mk_req)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
Ignoring unknown parameter "idmap domains"
[2013/01/10 11:25:00.883025, 1] libsmb/clikrb5.c:799(ads_krb5_mk_req)
  ads_krb5_mk_req: smb_krb5_get_credentials failed for ldap/dc01.domb at DOMB (Server not found in Kerberos database)
[2013/01/10 11:25:00.883184, 0] libads/sasl.c:908(ads_sasl_spnego_bind)
  kinit succeeded but ads_sasl_spnego_krb5_bind failed: Server not found in Kerberos database
[2013/01/10 11:25:00.883536, 1] winbindd/idmap_ad.c:149(ad_idmap_cached_connection_internal)
  ad_idmap_cached_connection_internal: failed to connect to AD

First you have to know that the users can successfully authenticate to the samba server. But there are error messages in the log I don't understand, especially the "failed to connect to AD" error message.

Why is this AD connection to DOMB necessary? What exactly is the samba server trying to do with the DOMB domain controller?

Kind regards
Carsten