[Samba] ADS + Samba

Romanin, Reno rromanin at Vestcom.com
Wed Oct 26 15:00:54 GMT 2005


Hello Samba list! 


I have installed Samba, joined it to the AD domain (let's say EXAMPLE.COM)
and can authenticate against it with kinit.

There are also 2 domains that we have a trust established with. Let's say
trust1 and trust2.

When I do a wbinfo -u I get:

Trust1+username
Trust2+username

I get nothing from the local domain.

I have a share set up for testing, but I cannot access it at all; I get
prompted for a username and password.

I will include the configs from everything at the bottom of this email. 

I'm sure it's something that I'm just overlooking, it usually is ;)

TIA

-reno

Configs:

smb.conf

# Global settings for a Samba server intended to be an Active Directory
# member, with winbind mapping domain users and groups to local ids.
[global]
        netbios name = sambaserver
        socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
        # Local uid/gid range handed out to domain accounts.
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = yes
        # NOTE(review): "winbind gid" looks like the older name for "idmap gid",
        # which is already set above to the same range - confirm and keep one.
        winbind gid = 10000-20000
        # NOTE(review): value redacted by the poster; for a domain member this is
        # normally the short (NetBIOS) name of the joined domain - confirm.
        workgroup = WORKGROUP <changed name to protect the innocent>
        os level = 20
        winbind enum groups = yes
        socket address = 192.168.1.2
        password server = ADSERVER
        preferred master = no
        # Separator between domain and account in winbind names (DOMAIN+user).
        winbind separator = +
        max log size = 50
        log file = /var/log/samba3/log.%m
        encrypt passwords = yes
        dns proxy = no
        # Kerberos realm; same value as default_realm in the krb5.conf below.
        realm = EXAMPLE.COM <once again, name change>
        # NOTE(review): "security" takes a mode keyword (for an AD member server,
        # "ads"), not a host name; ADSERVER is the value already given to
        # "password server". If the real file reads this way and it is not a
        # redaction slip, the server is not running in ADS mode, which would be
        # consistent with the failed share logon described above - confirm.
        security = ADSERVER
        wins server = 192.168.1.1
        wins proxy = no


# Test share exported from /samba/test, writable and visible in browse lists.
[test]
        comment = Test Share
        writeable = yes
        path = /samba/test
        # "force user" makes file operations on this share run as this single
        # account whoever authenticated, so on a writable share per-user
        # ownership and attribution of changes under /samba/test are lost.
        # NOTE(review): the name uses the "+" winbind separator, so it presumably
        # has to resolve through winbind; wbinfo -u lists no accounts for the
        # joined domain, so check that this account resolves (e.g. with getent).
        force user = DOMAIN+user
        browsable = yes
        available = yes



krb5.conf


# Kerberos client library settings: default realm, ticket lifetime and the
# encryption types requested for tickets.
[libdefaults]
        # NOTE(review): a bare number is presumably read as seconds, i.e. a
        # 10-minute ticket lifetime - confirm this is intended.
        ticket_lifetime = 600
        default_realm = EXAMPLE.COM
        # NOTE(review): des-cbc-crc is single DES, which is no longer considered
        # secure. List only enctypes the domain controllers actually issue and
        # prefer the strongest of them; verify des3-hmac-sha1 is among them.
        default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
        default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc

# The KDC for the realm is the AD server, on the standard Kerberos port 88.
[realms]
        EXAMPLE.COM = {
        kdc = adserver.example.com:88
        # NOTE(review): the closing "}" of this realm block is not in the post;
        # confirm it is present in the real file.


nsswitch.conf

# Name-service lookup order. Users and groups are looked up in the local
# (compat) sources first and then through winbind.
passwd:  compat winbind
group:  compat winbind
# Shadow data is local only; winbind is not consulted for it.
shadow:  compat
# NOTE(review): the "wins" source needs the matching NSS module installed
# (libnss_wins) - confirm it is present.
hosts:  files dns wins
networks:  files dns
protocols:  db files
services:  db files
ethers:  db files
rpc:  db files



kdc.conf

# NOTE(review): kdc.conf configures a local MIT KDC daemon. The krb5.conf in
# this post names adserver.example.com as the KDC for EXAMPLE.COM, so this file
# is presumably not involved in the AD join. Confirm whether a local KDC is
# running at all; one serving the same realm name on port 88 would be an extra
# service holding key material that the setup does not appear to need.
[kdcdefaults]
        kdc_ports = 88,750

[realms]
        EXAMPLE.COM = {
        # Paths of the principal database, admin keytab, ACL file, password
        # dictionary and master-key stash used by the local KDC.
        database_name = /etc/krb5kdc/principal
        admin_keytab = /etc/krb5kdc/kadm5.keytab
        acl_file = /etc/krb5kdc/kadm5.acl
        dict_file = /etc/krb5kdc/kadm5.dict
        key_stash_file = /etc/krb5kdc/.k5.EXAMPLE.COM
        kadmind_port = 749
        max_life = 10h 0m 0s
        max_renewable_life = 7d 0h 0m 0s
        master_key_type = des3-hmac-sha1
        # NOTE(review): des-cbc-crc is single DES and is no longer considered
        # secure; if this KDC is really in use, restrict it to stronger enctypes.
        supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
        }







