Shkaruba Andrey
2024-Jan-06 19:48 UTC
[Samba] Problem create trust between Samba AD and MS Windows AD.
Hello. I faced a problem building a trust between Samba AD and MS Windows AD.

On Ubuntu 23.10 (IP address 10.10.28.223/24), with Samba 4.18.6 installed from the base repository, the domain smbub.test was deployed. The command used to deploy it:

    samba-tool domain provision --use-rfc2307 --realm=smbub.test --domain=SMBUB --server-role=dc --dns-backend=BIND9_DLZ --backend-store=mdb --backend-store-size=32Gb --adminpass=testL\@B

On Microsoft Windows Server 2016 Standard Version 1607, Build 14393.447 (IP address 10.10.28.227/24), the domain adwin.loc was deployed. A user "truster" has been created in it with the rights of administrators, domain administrators, and enterprise administrators. No policies were tuned.

Both domain controllers are located on the same network segment; there is no firewall between them. Both domain controllers have forward zones configured to each other. DNS records of type A and SRV of both domains are resolved equally on both domain controllers.

I'm building the trust between the domains:

    samba-tool domain trust create adwin.loc --type=external --direction=both --create-location=both -U truster@ADWIN.LOC

The trust is built, but a validation error occurs:

    Validating outgoing trust...
    OK: LocalValidation: DC[\\dc01.adwin.loc] CONNECTION[WERR_OK] TRUST[WERR_OK] VERIFY_STATUS_RETURNED
    Validating incoming trust...
    ERROR: RemoteValidation: DC[] CONNECTION[WERR_NO_LOGON_SERVERS] TRUST[WERR_NO_LOGON_SERVERS] VERIFY_STATUS_RETURNED

As a result, on a PC joined to SMBUB.TEST, you can log in with an account from ADWIN.LOC, but on a PC joined to ADWIN.LOC it's impossible to log in with a user from the SMBUB.TEST domain.

I installed updates on the ADWIN.LOC domain controller:

    [01]: KB3199986
    [02]: KB4589210
    [03]: KB5012170
    [04]: KB5032391
    [05]: KB5033373

As a result, the Windows Server build becomes 14393.6529. But the error of building the trust persists.

The trust is built between Samba AD and Samba AD.
The trust is built between MS Windows AD and MS Windows.

Please help me to fix the error.

https://disk.yandex.ru/d/s8AXt5m6JTGbDw

In the link:

    trust_add_d5.txt  - log of trust building with log level 5
    trust_add_d16.txt - log of trust building with log level 16
    samba_d5.tar.xz   - log of samba with log level 5
    samba_d16.tar.xz  - log of samba with log level 16
    config.tar.xz     - archive with Samba, Bind9 and Krb5 configs