[Samba] Samba and cross forest domain trust
Joe Ammann
joe at pyx.ch
Wed May 13 21:28:13 GMT 2009
Hi
I'm trying to get a setup working with 2 separate AD forests (both 2003 R2
based). Let's call them PROD.x.ch and DEV.x.ch. There is a one way cross
forest trust from DEV to PROD (hope I said this the right way), so that
authenticated principals in PROD can access resources from DEV.
The setup works in principle, a user logged into a PROD Windows PC can access
Shares from a DEV Windows Server (given the correct access rights, etc.)
Now I tried to also access shares from a Samba server (SuSE Linux Enterprise
10, SP1). The linux server is successfully joined into the DEV domain, user
authentication for logging into the linux system with winbind into the DEV
domain works like a charm.
But accessing the shares does not work. I asked Google, and some posting
seemed to suggest that such setups really only work from Samba 3.2 onwards
(SLES 10 has 3.0.32) So I ugpraded to the 3.3.4 RPMs from Sernet, still no
luck. The errors I see are something like
[2009/05/13 13:29:57, 1] libsmb/clikrb5.c:ads_krb5_mk_req(686)
ads_krb5_mk_req: krb5_get_credentials failed for dc1$@PROD.X.CH (Server not
found in Kerberos database)
[2009/05/13 13:29:57, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(624)
cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Server not found
in Kerberos database
Before I go on and try to isolate the error: Do I have any chance to get such
a setup to work?
Many thanks for listening.
--
CU, Joe
More information about the samba
mailing list