search for: smdc3

...accounts with wbinfo and kinit. I followed guides: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member https://www.kania-online.de/wp-content/uploads/2019/06/trusts-tutorial.pdf What I missed? What additional diagnostic can I make? How to make a step forward? Samba 4.11 DC: d@*us-smdc3*:~$ cat /etc/samba/smb.conf # Global parameters [global] dns forwarder = 10.0.1.2 # trusted ad dc netbios name = US-SMDC3 realm = SVITLA3.ROOM server role = active directory domain controller workgroup = SVITLA3 idmap_ldb:use rfc2307 = yes log...

...al forwarding to svitla3.room domain d at uc-smlbox20:~$ host -t A apex.corp apex.corp has address 10.0.1.2 d at uc-smlbox20:~$ host -t A svitla3.room svitla3.room has address 10.0.0.6 d at uc-smlbox20:~$ host -t SRV _ldap._tcp.svitla3.room. _ldap._tcp.svitla3.room has SRV record 0 100 389 us-smdc3.svitla3.room. d at uc-smlbox20:~$ host -t SRV _kerberos._tcp.svitla3.room. _kerberos._tcp.svitla3.room has SRV record 0 100 88 us-smdc3.svitla3.room. d at uc-smlbox20:~$ host -t SRV _ldap._tcp.apex.corp. _ldap._tcp.apex.corp has SRV record 0 100 389 ws-addc.apex.corp. d at uc-smlbox20:~$ host...

...-smlbox20:~$ host -t A apex.corp > > apex.corp has address 10.0.1.2 > > d at uc-smlbox20:~$ host -t A svitla3.room > > svitla3.room has address 10.0.0.6 > > d at uc-smlbox20:~$ host -t SRV _ldap._tcp.svitla3.room. > > _ldap._tcp.svitla3.room has SRV record 0 100 389 us-smdc3.svitla3.room. > > d at uc-smlbox20:~$ host -t SRV _kerberos._tcp.svitla3.room. > > _kerberos._tcp.svitla3.room has SRV record 0 100 88 us-smdc3.svitla3.room. > > d at uc-smlbox20:~$ host -t SRV _ldap._tcp.apex.corp. > > _ldap._tcp.apex.corp has SRV record 0 100 389 ws-addc.a...

...ttps://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member > https://www.kania-online.de/wp-content/uploads/2019/06/trusts- > tutorial.pdf > What I missed? What additional diagnostic can I make? How to > make a step > forward? > > Samba 4.11 > > DC: > d@*us-smdc3*:~$ cat /etc/samba/smb.conf > # Global parameters > [global] > dns forwarder = 10.0.1.2 # trusted ad dc > netbios name = US-SMDC3 > realm = SVITLA3.ROOM > server role = active directory domain controller > workgroup = SVITLA3 >...

...forwarding to svitla3.room domain d at uc-smlbox20:~$ host -t A apex.corp apex.corp has address 10.0.1.2 d at uc-smlbox20:~$ host -t A svitla3.room svitla3.room has address 10.0.0.6 d at uc-smlbox20:~$ host -t SRV _ldap._tcp.svitla3.room. _ldap._tcp.svitla3.room has SRV record 0 100 389 us-smdc3.svitla3.room. d at uc-smlbox20:~$ host -t SRV _kerberos._tcp.svitla3.room. _kerberos._tcp.svitla3.room has SRV record 0 100 88 us-smdc3.svitla3.room. d at uc-smlbox20:~$ host -t SRV _ldap._tcp.apex.corp. _ldap._tcp.apex.corp has SRV record 0 100 389 ws-addc.apex.corp. d at uc-smlbox20:~$ host...

Hi Rowland, Thank you for effort My output as you requested: ## Samba DC d at us-smdc3:~$ wbinfo --online-status BUILTIN : active connection SVITLA3 : active connection APEX : active connection ## Linux Client d at uc-sm18:~$ wbinfo --online-status BUILTIN : online UC-SM18 : online SVITLA3 : online APEX : online # UC-SM18 is a Linux member of SVITLA3. You decided to demonstrate to...

...> aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96 > Kerberos: Requested flags: renewable-ok, canonicalize, renewable, > forwardable > Successful login with password shows two lines more: > > Kerberos: TGS-REQ Administrator at SVITLA3.ROOM from ipv4:10.0.0.2:63279 for > cifs/us-smdc3.svitla3.room/svitla3.room at SVITLA3.ROOM [renewable, > forwardable] > Kerberos: TGS-REQ authtime: 2020-11-19T17:16:53 starttime: > 2020-11-19T17:16:55 endtime: 2020-11-20T03:16:53 renew till: > 2020-11-26T17:16:53 > I use CA based on OpenSSL, I have root, intermediate CAs, DC certif...

...domain d at uc-smlbox20:~$ host -t A apex.corp apex.corp has address 10.0.1.2 d at uc-smlbox20:~$ host -t A svitla3.room svitla3.room has address 10.0.0.6 d at uc-smlbox20:~$ host -t SRV _ldap._tcp.svitla3.room. _ldap._tcp.svitla3.room has SRV record 0 100 389 us-smdc3.svitla3.room. d at uc-smlbox20:~$ host -t SRV _kerberos._tcp.svitla3.room. _kerberos._tcp.svitla3.room has SRV record 0 100 88 us-smdc3.svitla3.room. d at uc-smlbox20:~$ host -t SRV _ldap._tcp.apex.corp. _ldap._tcp.apex.corp has SRV record 0 100 389 ws-addc.apex.corp. d at...

On 21/07/2020 15:38, Yakov Revyakin wrote: > Hi Rowland, > Thank you for effort > > My output as you requested: > ## Samba DC > d at us-smdc3:~$ wbinfo --online-status > BUILTIN : active connection > SVITLA3 : active connection > APEX : active connection > > ## Linux Client > d at uc-sm18:~$ wbinfo --online-status > BUILTIN : online > UC-SM18 : online > SVITLA3 : online > APEX : online > > # UC-SM18 is...

...o get answers On Tue, 21 Jul 2020 at 17:54, Rowland penny via samba <samba at lists.samba.org> wrote: > On 21/07/2020 15:38, Yakov Revyakin wrote: > > Hi Rowland, > > Thank you for effort > > > > My output as you requested: > > ## Samba DC > > d at us-smdc3:~$ wbinfo --online-status > > BUILTIN : active connection > > SVITLA3 : active connection > > APEX : active connection > > > > ## Linux Client > > d at uc-sm18:~$ wbinfo --online-status > > BUILTIN : online > > UC-SM18 : online > > SVITLA3 : onl...

Point #1: is not correct. Why is Jake getting an ID from * Range and not APEX range. ? That need to be found first Run: net cache flush Restart samba. : systemctl restart smbd winbind nmbd (and/or sssd is you use that) wbinfo --all-domains -ug id jake getent passwd jake Any improvement? > if you have set: APEX:backend = ad Yes, and did you assign an UID/GID after you changed RID to