[Samba] Can't authenticate users from both domains in forest

Roger Roden rroden at gmail.com
Fri Sep 19 04:20:16 GMT 2008

I have 2 domains in my forest. I need to allow users from both DomA (the
forest root and the domain the server is joined to) and DomB to log in. All
works fine with DomA, but no one from DomB can log in. wbinfo --domain=DOMB
-u returns error looking up domain users. wbinfo -D DOMB returns the

Name              : DOMB
Alt_Name          : DOMB.local
SID               : S-1-5-21-1846896199-2149236580-2910475250
Active Directory  : No
Native            : No
Primary           : No
Sequence          : -1

I can get a Kerberos ticket from DomB.

Here is my smb.conf

# Generated by authconfig on 2008/09/17 12:52:21
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future

  workgroup = DOMA
  password server = ad01.doma.local
  realm = DOMA.LOCAL
  security = ads
  idmap uid = 16777216-33554431
  idmap gid = 16777216-33554431
  template shell = /bin/bash
  template homedir = /home/%U
  winbind use default domain = false
  winbind offline logon = false


       log level = 3
       server string = Samba Server Version %v
       client use spnego = yes
       passdb backend = tdbsam
       wins server = AN.I.P.ADDRESS
       cups options = raw

I'm running CentOS 5 and Samba 3.0.28. All AD Servers are 2003 R2.


