[Samba] probleme with samba 3.4.5-5.1 + winbind+ windows 2008 R2 + trusted domain
intartaglia.maximilien
max.intartaglia at ch-montperrin.fr
Tue Feb 9 04:33:45 MST 2010
The daemon winbind dont' trusted domains windows 2008 R
Help me please
I've got a probleme. My AD is a windows 2008 R2 (shéma 2003)
I have tow windows 2008 R2 rodc in my architecture.
The version of samba is : Version 3.4.5-3.1-2289-SUSE-CODE11
I have tow domain windows 2008 r2 in my architecture
Domain : medical
Domain administratif.
/samba/suse is join to the domain Medical.
Net ads testjoin:
Ok
My problem is the daemon winbind find all my user of domain medical but not the domain administratif.
I've find it's a problem of winbind (fix 7037 3.5rc2?)
Can you help me please:
The configuration :
/etc/krb5.conf:
[logging]
default = FILE:SYSLOG:NOTICE:DAEMON
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
[libdefaults]
default_realm = MEDICAL.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
clockskew = 3000
[realms]
MEDICAL.LOCAL = {
kdc = 172.22.45.5
admin_server = 192.168.11.70
default_domain = MEDICAL
}
ADMINISTRATIF.LOCAL = {
kdc = 172.22.45.1
admin_server = 192.168.11.40
default_domain = ADMINISTRATIF
}
MEDICAL = {
kdc = 172.22.45.5
admin_server = 192.168.11.70
}
ADMINISTRATIF = {
kdc = 172.22.45.1
admin_server = 192.168.11.40
}
[domain_realm]
medical.local = MEDICAL.LOCAL
.medical.local = MEDICAL.LOCAL
administratif.local = ADMINISTRATIF.LOCAL
.administratif.local = ADMINISTRATIF.LOCAL
MEDICAL.LOCAL = MEDICAL.LOCAL
.MEDICAL.LOCAL = MEDICAL.LOCAL
.ADMINISTRATIF.LOCAL = ADMINISTRATIF.LOCAL
ADMINISTRATIF = ADMINISTRATIF.LOCAL
.ADMINISTRATIF = ADMINISTRATIF.LOCAL
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 1
use_shmem = sshd
}
Samba :
# Samba config file created using SWAT
# from relais (127.0.0.1)
# Date: 2004/01/05 13:42:43
# Global parameters
[global]
log file = /var/log/samba/%m.log
allow trusted domains = yes
idmap gid = 10000-20000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
realm = MEDICAL.LOCAL
winbind use default domain = no
dns proxy = no
printing = cups
idmap uid = 10000-20000
local master = no
domain master = no
preferred master = no
template homedir = /home/%D/%U
workgroup = MEDICAL
os level = 0
winbind refresh tickets = yes
winbind enum groups = Yes
winbind enum users = Yes
security = ADS
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
winbind separator = /
max log size = 1024
usershare allow guests = No
the test are here :
relay:~ # wbinfo -t
checking the trust secret via RPC calls succeeded
relay:~ # wbinfo -m
BUILTIN
RELAY
MEDICAL
ADMINISTRATIF
relay:~ #
wbinfo -u
I have only the user from medical and not from administratif
The log of /var/log/samba.log/wb-Administratif:
[2010/02/08 13:02:36, 1] winbindd/winbindd_ads.c:127(ads_cached_connection)
ads_connect for domain ADMINISTRATIF failed: Decrypt integrity check failed
but when I do this command (test user administratif) it's ok
wbinfo -a administratif/almacom
Enter administratif/almacom's password:
plaintext password authentication succeeded
Enter administratif/almacom's password:
challenge/response password authentication succeeded
More information about the samba
mailing list