[Samba] Authenticating another domain

Trimble, Ronald D Ronald.Trimble at unisys.com
Thu Feb 16 15:35:54 GMT 2006


When  I attempt to authenticate a user from another domain, I am seeing
some strange issues.  My winbindd.log shows that I am indeed already
trusting the other domain.  (I am a member of the na.uis.unisys.com
domain.)  However, when I try to gain access to a share where the
username EU\INBLR-AUTH1 has access, I get prompted for a username and
password over and over.  Obviously, it can't authenticate the user.  I
have included the errors from the appropriate log below.  Can anyone
point me towards a working solution?

 

>From the winbindd.log

 

[2006/02/16 10:18:02, 2]
nsswitch/winbindd_util.c:add_trusted_domain(166)

  Added domain EU eu.uis.unisys.com
S-1-5-21-606747145-879983540-1177238915

 

>From the samba log for the machine I am trying to connect from...

 

[2006/02/16 10:26:38, 2] smbd/sesssetup.c:setup_new_vc_session(704)

  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.

[2006/02/16 10:26:38, 1] smbd/sesssetup.c:reply_spnego_kerberos(263)

  Username EU\inblr-auth1 is invalid on this system

[2006/02/16 10:26:38, 2] smbd/server.c:exit_server(612)

  Closing connections

 

My smb.conf

 

[global]

        workgroup = NA

        realm = NA.UIS.UNISYS.COM

        netbios name = ustr-linux-1

        encrypt passwords = yes

        security = ADS

        password server = 192.63.225.67

        passdb backend = smbpasswd

        log level = 2

        syslog = 0

        log file = /var/log/samba/%m.log

        max log size = 5000

        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

#       winbind separator = +

        winbind use default domain = no

        winbind uid = 16777216-33554431

        winbind gid = 16777216-33554431

        winbind enum users = yes

        winbind enum groups = yes

        template homedir = /home/%D/%U

        template shell = /bin/bash

        admin users = root, NA\username, +"NA\groupname"

        nt acl support = yes

        map acl inherit = yes

 

#       printer setup

        load printers = yes

        use client driver = no

        printing = cups

        printcap name = cups

        printer admin = root, NA\TRIMBLRD, +"NA\EPS Admin"

 

        server string = USTR-LINUX-1 Samba Server



More information about the samba mailing list