[Samba] logon Samba workstation domain with Active Directory trustdom account issue

Romain gromly at gmail.com
Thu Dec 13 12:44:18 MST 2012

Hello samba list,

I'm close to being able to make this work but I just need a bit of help. Here is
the situation:

- Windows 2008 R2 x64 Domain Controller: domain ES01

- Samba 3.4.3 Domain Controller: domain ES02

- Windows Seven Workstation (SSO4): on domain ES02

- Windows XP Workstation (SSO2): on domain ES01

We set up a two-way trust relationship and it seems to work according to the command
"net rpc trustdom list".

[root@localhost ~]# net rpc trustdom list
Enter root's password:
Trusted domains list:
ES01                S-1-5-21-1816646249-803782145-3669927669
Trusting domains list:
ES01                S-1-5-21-1816646249-803782145-3669927669

Now, here is the issue:

We can log on to domain ES01 with a Windows account from the Windows XP workstation
(normal use)
We can log on to domain ES01 with a Samba account from the Windows XP workstation
(that's the outgoing trust relationship at work)
We can log on to domain ES02 with a Samba account (pretty normal use)
*We CAN'T log on to domain ES02 with a Windows account (and unfortunately, that's
what we need to go further)*

I am attaching all my configuration files and the SS4 workstation log from when I try
to log on with the "tata" account from the ES01 Windows domain.

As you can see in smb.conf, we tried some custom tricks to make winbind

Hope you will give us a fresh idea that we didn't think about.

