Cannot list trusted domains
uri_simchoni at hotmail.com
Thu Jun 2 00:10:27 MDT 2011
I have a NAS device with samba 3.2.15 connected to a domain in a multi-forest Win2K8R2 active directory (Resource model deployment).I have a problem authenticating (pam_winbind) users from other domains. Users in "my" domain work perfectly.I noticed that when winbindd starts, the query to list trusted domains fails with INVALID_PARAMETER.(Successfully opens the NETLOGON pipe with schannel, but rpccli_netr_DsrEnumerateDomainTrusts() returns INVALID_PARAMETER).
I think that as a consequence, winbindd is unable to find the DC of the other domain and cannot complete the authentication process.
I suspect that some security policy in Win2K8R2 is preventing the "normal" samba code from working.Does this ring a bell to anyone?
More information about the samba-technical