[Samba] Samba cannot authenticate users from child domain

Simone simone72 at email.it
Thu Sep 16 13:46:57 GMT 2004


I'll try to post it again......
Have a nice day

Simone wrote:

> Hi,
> I've been  searching a solution for this with no luck for the last 5 
> days, so I thought I'd finally need help.
> We have a ADS primary domain, samba 3.0..4-6.3E on RHEL as a domain 
> member. The parent domain say MEDIA.COM has a child domain 
> CHILD.MEDIA.COM. People from the parent domain can access tha shares 
> with no problem , but I can't find a way to make users from the child 
> domain access any share. We use winbind for auth, and security=ads. 
> I've been trying to add valid users to the share via:
> valid users = CHILD\user CHILD.MEDIA.COM\user
>
> Here's a short cut of my smb.conf :
>
> realm : MEDIA.COM
> auth methods = winbind
> security = ads
> password server = ip_parentdomain_dc ip_childdomain_dc
>
> and here's krb5.conf:
>
> [realms]
> MEDIA.COM = {
> kdc = ip_parentdomain_dc:88
> admin_server = ip_parentdomain_dc:749
> default_domain = media.com
> }
>
> [domain_realm]
> media.com = MEDIA.COM
> .media.com = MEDIA.COM
>
> [kdc]
> profile = /var/kerberos/krb5kdc/kdc.conf   (this file doesn't exist.....)
>
> If I try to access share \\mediasrvsamba\data from a winxp pc where 
> I'm logged as CHILD\user I get an error in the logs saying "couldn't 
> find user MEDIA\user".
> I guess it cannot find it because it is searching in the parent domain 
> rather than the child domain.
>
> Thanks very much for any help, hope I've been able to explain myself.
> Simone
>
>
> -- 
> Email.it, the professional e-mail, gratis per te: http://www.email.it/f
>
> Sponsor:
> La vera mozzarella di Bufala Campana la trovi fresca su 
> Terrasolis.com, provala!
> Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=2499&d=15-9




More information about the samba mailing list