[Samba] Trouble with trusted domains
mz at seh.de
Thu Apr 10 12:20:28 GMT 2008
Perhaps someone can guide me in finding out what's going wrong in the
following scenario (Active Directory, Samba 3.0.20b, same with 3.0.28a):
CHILD1.CONTOSO.COM <-trusts-> CONTOSO.COM <-trusts-> CHILD2.CONTOSO.COM
        |                          |                         |
User: CHILD1\testtest              |                       Samba
CHILD1\testtest -> Vista : works (of course :-()
CHILD1\testtest -> Samba : password prompt (logon failure)
What I can see is that Samba decodes the user correctly out of the Kerberos
ticket as testtest at child1.contoso.com.
Then, Samba (better to say: winbind) tries to resolve the shortened name
CHILD1\testtest into a SID.
winbind does this with a LSA RPC call to CHILD2 (not to CHILD1, where
the user comes from) and receives a "NO MAPPED USER" reply.
Now my question is: shouldn't Samba ask CHILD1 for the user, or
should CHILD2 know about user CHILD1\testtest?
Where lies the mistake?
Using rpcclient, I can resolve the name into a SID when addressing
CHILD1 *or* CONTOSO, but not CHILD2.
"wbinfo -n CHILD1\testtest" on Samba also fails.