Fay zhang
2016-Oct-01 23:20 UTC
[Samba] winbind join ad via the trust forest's child domain user failed.
Hi all, I want to let linux server join ad by using a trust ad's child domain user, but failed with error. below is my env and what I have try I have 3 domain controller: test.com,demo.com and chn.demo.com test.com with demo.com is two way trust. and chn.demo.com is the child domain of demo.com demo at demo.com chn at chn.demo.com can join ad member to test.com I have tested demo at demo.com chn at chn.demo.com let win server join the test.com domain all is ok. but when I do this under linux(centos7) via winbind(samba-winbind-4.2.10-7.el7_2.x86_64) demo at demo.com is ok, but chn at chn.demo.com just can't work. success: [root at test01 ~]# net ads join -U demo at demo.com%Test123 Using short domain name -- TEST Joined 'TEST01' to dns domain 'test.com' with error: [root at test01 ~]# net ads join -U chn at chn.demo.com%Test123 Failed to join domain: failed to lookup DC info for domain 'TEST.COM <http://test.com/>' over rpc: Logon failure [root at test01 ~]# net ads join -U chn\\chn%Demo123 kerberos_kinit_password chn at TEST.COM failed: Client not found in Kerberos database Failed to join domain: failed to connect to AD: Client not found in Kerberos database Is anybody know weather I miss something ? or how to use child domains user join ad via winbind? thanks Firxiao
Rowland Penny
2016-Oct-02 08:17 UTC
[Samba] winbind join ad via the trust forest's child domain user failed.
On Sat, 01 Oct 2016 23:20:01 +0000 Fay zhang via samba <samba at lists.samba.org> wrote:> Hi all, > I want to let linux server join ad by using a trust ad's child domain > user, but failed with error. > below is my env and what I have try > > I have 3 domain controller: test.com,demo.com and chn.demo.com > > test.com with demo.com is two way trust. and chn.demo.com is the child > domain of demo.com > > demo at demo.com chn at chn.demo.com can join ad member to test.com > > I have tested demo at demo.com chn at chn.demo.com let win server join the > test.com domain all is ok. > > but when I do this under linux(centos7) via > winbind(samba-winbind-4.2.10-7.el7_2.x86_64) demo at demo.com is ok, > but chn at chn.demo.com just can't work. > > success: > [root at test01 ~]# net ads join -U demo at demo.com%Test123 > Using short domain name -- TEST > Joined 'TEST01' to dns domain 'test.com' > > > with error: > [root at test01 ~]# net ads join -U chn at chn.demo.com%Test123 > Failed to join domain: failed to lookup DC info for domain 'TEST.COM > <http://test.com/>' over rpc: Logon failure > [root at test01 ~]# net ads join -U chn\\chn%Demo123 > kerberos_kinit_password chn at TEST.COM failed: Client not found in > Kerberos database > Failed to join domain: failed to connect to AD: Client not found in > Kerberos database > > > Is anybody know weather I miss something ? or how to use child > domains user join ad via winbind? > > thanks > FirxiaoAS far as I am aware, child domains are not (yet) supported Rowland
Fay zhang
2016-Oct-04 07:50 UTC
[Samba] winbind join ad via the trust forest's child domain user failed.
Thanks for reply, but is there any documents about not support child domains ? Thanks Firxiao On Sun, Oct 2, 2016 at 4:24 PM Rowland Penny via samba < samba at lists.samba.org> wrote:> On Sat, 01 Oct 2016 23:20:01 +0000 > Fay zhang via samba <samba at lists.samba.org> wrote: > > > Hi all, > > I want to let linux server join ad by using a trust ad's child domain > > user, but failed with error. > > below is my env and what I have try > > > > I have 3 domain controller: test.com,demo.com and chn.demo.com > > > > test.com with demo.com is two way trust. and chn.demo.com is the child > > domain of demo.com > > > > demo at demo.com chn at chn.demo.com can join ad member to test.com > > > > I have tested demo at demo.com chn at chn.demo.com let win server join the > > test.com domain all is ok. > > > > but when I do this under linux(centos7) via > > winbind(samba-winbind-4.2.10-7.el7_2.x86_64) demo at demo.com is ok, > > but chn at chn.demo.com just can't work. > > > > success: > > [root at test01 ~]# net ads join -U demo at demo.com%Test123 > > Using short domain name -- TEST > > Joined 'TEST01' to dns domain 'test.com' > > > > > > with error: > > [root at test01 ~]# net ads join -U chn at chn.demo.com%Test123 > > Failed to join domain: failed to lookup DC info for domain 'TEST.COM > > <http://test.com/>' over rpc: Logon failure > > [root at test01 ~]# net ads join -U chn\\chn%Demo123 > > kerberos_kinit_password chn at TEST.COM failed: Client not found in > > Kerberos database > > Failed to join domain: failed to connect to AD: Client not found in > > Kerberos database > > > > > > Is anybody know weather I miss something ? or how to use child > > domains user join ad via winbind? > > > > thanks > > Firxiao > > AS far as I am aware, child domains are not (yet) supported > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Maybe Matching Threads
- winbind join ad via the trust forest's child domain user failed.
- AD on 2003R2 NT_STATUS_NO_SUCH_USER
- issues after rebooting
- Bug#894013: xen-utils-common: issue with iptables antispoofing rules in xen4.8 generated by vif-bridge and vif-common.sh
- Authentication with trusted credentials