[Samba] inter domain trust not working

Razvan Cosma rg at cosma.name
Tue Nov 6 02:20:48 MST 2012

I am trying to make a RHEL6 box (samba-winbind-3.5.10-125.el6.x86_64)
accept logins from a trusted domain; all is working fine for the primary
domain, pam_winbind+pam_mkhomedir allow logins for domain users, when
checking the trusted one though

# net rpc trustdom list -Utest%pass
 Trusted domains list:
 TRUSTED S-1-2-5-etcetc
 Unable to find a suitable server for domain TRUSTED
 domain controller is not responding: NT_STATUS_UNSUCCESSFUL
 TRUSTED              couldn't get domain's sid

There are no trusting domains set.

A tcpdump while running the above command shows the client connecting to
the primary domain controller (which also has all the other roles), then
making a DNS query for
 SRV? _ldap._tcp.pdc._msdcs.TRUSTED.
to which it gets a NXDomain
This query should not be made, and will not get an answer, the correct one
would be
SRV? _ldap._tcp.pdc._msdcs.TRUSTED.LOCAL
which does exist and returns all the SRV records as expected

Windows clients do work in the same network/VLAN; any hints on what makes
Samba choke after that query are greatly appreciated.

For reference,
workgroup = PRIMARY
password server = thedc.primary.local
winbind use default domain = no
security = ads
encrypt passwords = yes
 default_realm = PRIMARY.LOCAL
 dns_lookup_realm = yes
 dns_lookup_kdc = yes
 forwardable = false
 .primary.local = PRIMARY.LOCAL
 primary.local = PRIMARY.LOCAL
 .trusted.local = TRUSTED.LOCAL
 trusted.local = TRUSTED.LOCAL
(yes, the realm definitions are empty, as everything should work via DNS. I
have also tried specifying admin_server,default_domain and kdc for the
trusted realm, no dice)

thedc.primary.local is set in resolv.conf on the client

More information about the samba mailing list