[Samba] logon Samba workstation domain with Active Directory trustdom account issue

Romain gromly at gmail.com
Sat Dec 15 04:31:21 MST 2012


Hello list,

Sorry to top again but do we need Kerberos on Samba server to make this
work ?

Regards,

2012/12/14 Romain <gromly at gmail.com>

> Hi,
>
> I made a mistake, we have Samba 3.5.3.
>
> Can somebody help ?
>
> Regards,
> Romain
>
>
> 2012/12/13 Romain <gromly at gmail.com>
>
>> Hello samba list,
>>
>> I'm close to be able to make this work but I just need a bit help. Here
>> is the situation:
>>
>> - Windows 2008 R2 x64 Domain Controller: domain ES01
>>
>> - Samba 3.4.3 Domain Controller:domain ES02
>>
>> - Windows Seven Workstation (SSO4): on domain ES02
>>
>> - Window Xp Workstation (SSO2): on domain ES01
>>
>> We put a both side trust relationship and seems to work regarding command
>> "net rpc trustdom list".
>>
>> *[root at localhost ~]# net rpc trustdom list*
>> *Enter root's password:*
>> *Trusted domains list:*
>> *
>> *
>> *ES01                S-1-5-21-1816646249-803782145-3669927669*
>> *
>> *
>> *Trusting domains list:*
>> *
>> *
>> *ES01                S-1-5-21-1816646249-803782145-3669927669*
>>
>>
>> Now, here is the issue:
>>
>> We can logon domain ES01 with Windows account from Windows Xp Workstation
>> (normal use)
>> We can logon domain ES01 with Samba account from Windows Xp Workstation
>> (that's outgoing trust relationship's work)
>> We can logon domain ES02 with samba account (pretty normal use)
>> *We CAN'T logon domain ES02 with Windows Account (and unfortunatly,
>> that's what we need to go further)*
>>
>> I join you all my configuration files and SS4 workstation log while I try
>> to log with "tata" account from ES01 windows domain.
>>
>> As you can see in smb.conf, we tried some custom tricks to make winbind
>> working...
>>
>> Hope you will give us a fresh idea that we didn't think about.
>>
>> Regards,
>> Romain
>>
>
>


More information about the samba mailing list