[Samba] Samba Member Server and authenticating trusted domain users
Carsten Maul
carsten_maul at gmx.de
Fri Jan 6 04:43:45 MST 2012
Hello,
I have a samba 3.6.1 (Debian testing) member server in a Windows 2K8 Domain with the name DomaA. The DomA PDC trusts a second Win2K3 domain controller responsible for DomB.
All users from DomA can access the samba server without problems.
Now I want to allow users from the trusted domain DomB to access the samba server.
When a user tries to authenticate the smb/cifs login to the share fails,
I get the following winbind log in log.wb-DOMB
[2012/01/06 10:51:17.018523, 3] libsmb/cliconnect.c:1840(cli_session_setup_spnego)
got principal=pdc$@DOMB
[2012/01/06 10:51:17.018673, 10] libads/kerberos.c:191(kerberos_kinit_password_ext)
kerberos_kinit_password: as SAMBA-1$@NETTETAL.PIERBURG.LOCAL using [MEMORY:cliconnect] as ccache and config [(null)]
[2012/01/06 10:51:18.553682, 3] libsmb/cliconnect.c:1883(cli_session_setup_spnego)
cli_session_setup_spnego: using target hostname not SPNEGO principal
[2012/01/06 10:51:18.553770, 3] libsmb/cliconnect.c:1927(cli_session_setup_spnego)
cli_session_setup_spnego: guessed server principal=cifs/pdc.DOMB at DOMB
[2012/01/06 10:51:18.553805, 2] libsmb/cliconnect.c:1433(cli_session_setup_kerberos_send)
Doing kerberos session setup
[2012/01/06 10:51:19.058406, 1] libsmb/clikrb5.c:799(ads_krb5_mk_req)
ads_krb5_mk_req: smb_krb5_get_credentials failed for cifs/pdc.DOMB at DOMB (Server not found in Kerberos database)
In my smb.conf I enabled:
allow trusted domains = yes
In my krb5.conf I configured:
DOMB = {
kdc = PDC at DOMB:88
admin_server = PDC at DOMB
default_domain = DOMB
}
Testing kinit works:
kinit username at DOMB is successfull.
So my question ist: am I missing something?
Thanks in advance for any help
More information about the samba
mailing list