[Samba] Samba & ADS & NT4 trusted domains not working.
Ochs, Duane
Duane.Ochs at qg.com
Fri Dec 17 23:21:47 GMT 2004
RH 3.0 ES
krb5 1.2.7
Samba 3.0.9

I am trying to use Samba, Winbind and Kerberos to configure single
sign-in and allow users from both Windows and Linux (RH 3.0 ES) platforms
to use shares from either platform. I cannot see users from my primary
domain but can see the trusted NT4 groups and users. I have been trying
to get this right for the last week and keep thinking I am missing
something easy. I followed the following doc for setup procedures. Any
help would be appreciated.

http://www.wlug.org.nz/ActiveDirectorySamba

Primary QG.COM
AD = W2K3 running in W2K native mode. With two-way trusts with the
following.
3 - W2K3 AD in W2K3 native
5 - NT4 trusted domains

[root@sxec2 rhn-packages]# wbinfo -t
checking the trust secret via RPC calls succeeded

[root@sxec2 rhn-packages]# wbinfo -m
SXEC2
BUILTIN
QMED
CORPORATE
QG_INKJET
QUADTECH
HIGHTECH
IMAGING
QUADMED
CUSTOMERS

[root@sxec2 rhn-packages]# wbinfo --sequence
SXEC2 : 1
BUILTIN : 1
QMED : DISCONNECTED W2K3 Native
CORPORATE : 1031564 NT
QG_INKJET : 95442 NT
QUADTECH : 9281 NT
HIGHTECH : 164705 NT
IMAGING : 60026 NT
QUADMED : DISCONNECTED W2K3
CUSTOMERS : DISCONNECTED W2K3
QG : DISCONNECTED W2K3 in W2K native

wbinfo -g
BUILTIN\System Operators
BUILTIN\Replicators
BUILTIN\Guests
BUILTIN\Power Users
BUILTIN\Print Operators
BUILTIN\Administrators
BUILTIN\Account Operators
BUILTIN\Backup Operators
BUILTIN\Users
QMED\Domain Admins
QMED\Domain Users
QMED\Domain Guests
QMED\Domain Computers
QMED\Domain Controllers
QMED\Schema Admins
QMED\Enterprise Admins
QMED\Group Policy Creator Owners
QMED\DnsUpdateProxy
QUADTECH\AbnAmro
QUADTECH\Domain Admins
QUADTECH\Domain Guests
QUADTECH\Domain Users
QUADTECH\Organisatie
HIGHTECH\Domain Admins
HIGHTECH\Domain Guests
HIGHTECH\Domain Users
IMAGING\Domain Admins
IMAGING\Domain Guests
IMAGING\DOMAIN POLICY
IMAGING\DOMAIN PROD
IMAGING\Domain Users
CUSTOMERS\Domain Admins
CUSTOMERS\Domain Users
CUSTOMERS\Domain Guests
CUSTOMERS\Domain Computers
CUSTOMERS\Domain Controllers
CUSTOMERS\Schema Admins
CUSTOMERS\Enterprise Admins
CUSTOMERS\Group Policy Creator Owners
CUSTOMERS\DnsUpdateProxy

SMB.conf

[global]
    netbios name = SXEC2
    workgroup = QG
    encrypt passwords = yes
    realm = QG.COM
    server string = "Enterprise Computing Linux Server"
    security = ADS
    password server = "IP of my AD server"
    log level = 3
    os level = 0
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind enum users = yes
    winbind enum groups = yes
    template homedir = /home/%D/%U
    template shell = /bin/bash

krb5.conf

[logging]
    default = FILE:/var/log/krb5/krb5libs.log
    kdc = FILE:/var/log/krb5/krb5kdc.log
    admin_server = FILE:/var/log/krb5/kadmind.log

[libdefaults]
    ticket_lifetime = 24000
    default_realm = QG.COM
    default_tgs_enctypes = RC4-HMAC des3-hmac-sha1 des-cbc-crc des-cbc-md5
    default_tkt_enctypes = RC4-HMAC des3-hmac-sha1 des-cbc-crc des-cbc-md5
    dns_lookup_realm = true
    dns_lookup_kdc = true

[realms]
    QG.COM = {
        kdc = "IP of my AD server"
        default_domain = qg.com
    }

[domain_realm]
    .qg.com = QG.COM
    qg.com = QG.COM

[appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }

Duane Ochs
Enterprise Computing
Quad/Graphics Inc.
Sussex, Wisconsin
414-566-2375 phone
414-566-4010 pin# 2375 beeper
Duane.Ochs at qg.com
www.QG.com
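
Added example, not part of the original post: a POSIX shell check that parses the `wbinfo --sequence` output shown in the message and reports which domains winbind marks DISCONNECTED, and whether the domain named by `workgroup` in smb.conf (QG here) is one of them. The function names are hypothetical; the sample data is copied from the post.

```shell
#!/bin/sh
# Added example (not the poster's code): triage `wbinfo --sequence` output.
# Sample copied from the post. The trailing "NT"/"W2K3" words are the
# poster's own annotations, so only the first token after ':' is read.
SAMPLE_SEQUENCE='SXEC2 : 1
BUILTIN : 1
QMED : DISCONNECTED W2K3 Native
CORPORATE : 1031564 NT
QG_INKJET : 95442 NT
QUADTECH : 9281 NT
HIGHTECH : 164705 NT
IMAGING : 60026 NT
QUADMED : DISCONNECTED W2K3
CUSTOMERS : DISCONNECTED W2K3
QG : DISCONNECTED W2K3 in W2K native'

# stdin: wbinfo --sequence output. Prints each DISCONNECTED domain name.
disconnected_domains() {
    awk -F' *: *' 'NF >= 2 {
        split($2, v, " ")
        if (v[1] == "DISCONNECTED") print $1
    }'
}

# $1: workgroup from smb.conf; stdin: wbinfo --sequence output.
# Prints "connected", "disconnected", or "missing" (domain not listed).
primary_domain_status() {
    awk -F' *: *' -v wg="$1" '
        NF >= 2 && toupper($1) == toupper(wg) {
            split($2, v, " ")
            s = (v[1] == "DISCONNECTED") ? "disconnected" : "connected"
            print s
            found = 1
            exit
        }
        END { if (!found) print "missing" }'
}

# Stand-alone run against the sample; on a live host pipe in
# `wbinfo --sequence` instead of the embedded text.
echo "Disconnected domains:"
printf '%s\n' "$SAMPLE_SEQUENCE" | disconnected_domains
echo "Workgroup QG: $(printf '%s\n' "$SAMPLE_SEQUENCE" | primary_domain_status QG)"
```

Run against the posted output, every domain reported as disconnected is one the poster labelled W2K3, including the workgroup domain QG, while the NT4 domains all return sequence numbers.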