Ricardo Carlini Sperandio
2013-Mar-12 20:16 UTC
[Samba] Strange Problem with Samba and WIndows 2012 Domain forest
Hello, I work in a corp with a lot of active directory domains (20 in total) in a forest, these 18 are in windows 2003 with '2003 level mode' and twin in AD 2012 with '2012 level mode'. There is a domain hierarchy like this: . Domain2003A <----------Trust relation------------->Doman2012X<------Trust relation----->Domain2012Y |- Domain2003B |- Domain2003C . . . |-Domain2003R The problem is: When I put the Linux machine with Samba 3.5.x or 3.6.x in Domain2003C (son of Domain2003A) all users in domains sons of Domain2003A (Domain2003A...Domain2003R) can login on this. But users of Domain2012X (and 2012Y) can't do. When I did a winbind -D domain2012X I got: In Samba 3.5.x Could not get domain info in Samba 3.6.x failed to call wbcDomainInfo: WBC_ERR_DOMAIN_NOT_FOUND Could not get domain info But in Samba 3.4.x (x = 8 and 17): wbinfo -D DOMAIN2012X Name : DOMAIN2012X Alt_Name : domain.2012.a.com SID : S-1-5-21-2994637511-790031978-1797744665 Active Directory : Yes Native : Yes Primary : No And when I included the Linux Machine in DOMAIN2012X with samba 3.6.x only users from Doman2012X and Doman2012Y could logon on it. winbind -m didn't show the Domain2003A and his sons. I put the Linux Samba machine in domain (in all cases) with the command: net ads join -U userAdd My security mode in smb.conf is ads and I have krb5.conf and smb.conf's realm configured. So, what's the possible problem? Regards Ricardo
Ricardo Carlini Sperandio
2013-Mar-19 18:07 UTC
[Samba] Strange Problem with Samba and WIndows 2012 Domain forest
Em 12-03-2013 17:16, Ricardo Carlini Sperandio escreveu:> Hello, > > I work in a corp with a lot of active directory domains (20 in > total) in a forest, these 18 are in windows 2003 with '2003 level > mode' and twin in AD 2012 with '2012 level mode'. > > There is a domain hierarchy like this: > > . Domain2003A <----------Trust > relation------------->Doman2012X<------Trust relation----->Domain2012Y > |- Domain2003B > |- Domain2003C > . > . > . > |-Domain2003R > > The problem is: > When I put the Linux machine with Samba 3.5.x or 3.6.x in > Domain2003C (son of Domain2003A) all users in domains sons of > Domain2003A (Domain2003A...Domain2003R) can login on this. But users > of Domain2012X (and 2012Y) can't do. > > When I did a winbind -D domain2012X I got: > > In Samba 3.5.x > Could not get domain info > > in Samba 3.6.x > failed to call wbcDomainInfo: WBC_ERR_DOMAIN_NOT_FOUND > Could not get domain info > > But in Samba 3.4.x (x = 8 and 17): > > wbinfo -D DOMAIN2012X > Name : DOMAIN2012X > Alt_Name : domain.2012.a.com > SID : S-1-5-21-2994637511-790031978-1797744665 > Active Directory : Yes > Native : Yes > Primary : No > > > And when I included the Linux Machine in DOMAIN2012X with samba 3.6.x > only users from Doman2012X and Doman2012Y could logon on it. > winbind -m didn't show the Domain2003A and his sons. > > I put the Linux Samba machine in domain (in all cases) with the > command: net ads join -U userAdd > > My security mode in smb.conf is ads and I have krb5.conf and > smb.conf's realm configured. > > So, what's the possible problem? > > Regards > > Ricardo > >Anybody else? Any sugestion?