Login problems in multi-domain AD setup

Marcel Ritter marcel.ritter at rrze.fau.de
Tue Apr 3 03:26:06 MDT 2012


Hi,

we're currently trying to integrate Samba servers into
our multi-domain Active Directory environment.

Our basic AD setup looks like this (very simplified):

fauad.fau.de (FAUAD, contains all user objects)
erl.fau.de (ERL, contains computer objects for location 1)
nbg.fau.de (NBG, contains computer objects for location 2)
...

While testing (samba 3.6.3, SLES 11, computer object in
domain ERL, users in domain FAUAD) we found some
odd (?) behavior concerning client authentication:

Client joined to domain:

- kerberized connections work fine

Client not joined to domain:

- login as FAUAD\username works

- login as username@FAUAD.FAU.DE fails
  (tries to authenticate with ERL's DC, instead of FAUAD's)

We also tried to do the same with a Windows fileserver,
where both "manual" logins work:

- login as FAUAD\username works

- login as username@FAUAD.FAU.DE works

I'm not quite sure whether this is a configuration issue (see attached smb.conf),
or something needs to be fixed in the samba code.

Hope someone can help with this.

TIA,
    Marcel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smb.conf
Type: application/octet-stream
Size: 783 bytes
Desc: smb.conf
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120403/2bb84e9f/attachment.obj>

