[Samba] Samba Member Server and authenticating trusted domain users

Carsten Maul carsten_maul at gmx.de
Fri Jan 6 04:43:45 MST 2012


I have a samba 3.6.1 (Debian testing) member server in a Windows 2K8 Domain with the name DomaA. The DomA PDC trusts a second Win2K3 domain controller responsible for DomB.
All users from DomA can access the samba server without problems.

Now I want to allow users from the trusted domain DomB to access the samba server.

When a user tries to authenticate the smb/cifs login to the share fails,
I get the following winbind log in log.wb-DOMB

[2012/01/06 10:51:17.018523,  3] libsmb/cliconnect.c:1840(cli_session_setup_spnego)
  got principal=pdc$@DOMB
[2012/01/06 10:51:17.018673, 10] libads/kerberos.c:191(kerberos_kinit_password_ext)
  kerberos_kinit_password: as SAMBA-1$@NETTETAL.PIERBURG.LOCAL using [MEMORY:cliconnect] as ccache and config [(null)]
[2012/01/06 10:51:18.553682,  3] libsmb/cliconnect.c:1883(cli_session_setup_spnego)
  cli_session_setup_spnego: using target hostname not SPNEGO principal
[2012/01/06 10:51:18.553770,  3] libsmb/cliconnect.c:1927(cli_session_setup_spnego)
  cli_session_setup_spnego: guessed server principal=cifs/pdc.DOMB at DOMB
[2012/01/06 10:51:18.553805,  2] libsmb/cliconnect.c:1433(cli_session_setup_kerberos_send)
  Doing kerberos session setup
[2012/01/06 10:51:19.058406,  1] libsmb/clikrb5.c:799(ads_krb5_mk_req)
  ads_krb5_mk_req: smb_krb5_get_credentials failed for cifs/pdc.DOMB at DOMB (Server not found in Kerberos database)

In my smb.conf I enabled:
allow trusted domains = yes

In my krb5.conf I configured:
    DOMB = {
        kdc = PDC at DOMB:88
        admin_server = PDC at DOMB
        default_domain = DOMB

Testing kinit works:
kinit username at DOMB is successfull.

So my question ist: am I missing something?

Thanks in advance for any help

More information about the samba mailing list