[Samba] Strange Problem with Samba and Windows 2012 Domain forest

Ricardo Carlini Sperandio rcarlini at gmail.com
Tue Mar 12 14:16:41 MDT 2013


   I work in a corp with a lot of Active Directory domains (20 in total) 
in a forest; of these, 18 are on Windows 2003 with '2003 level mode' and 
two are on AD 2012 with '2012 level mode'.

  There is a domain hierarchy like this:

. Domain2003A <----Trust relation----> Domain2012X <----Trust relation----> Domain2012Y
|- Domain2003B
|- Domain2003C

The problem is:
When I put the Linux machine with Samba 3.5.x or 3.6.x in Domain2003C 
(son of Domain2003A), all users in the domains that are sons of Domain2003A 
(Domain2003A...Domain2003R) can log in on it. But users of Domain2012X 
(and 2012Y) can't.

When I did a winbind -D domain2012X I got:

In Samba 3.5.x
Could not get domain info

In Samba 3.6.x
failed to call wbcDomainInfo: WBC_ERR_DOMAIN_NOT_FOUND
Could not get domain info

But in Samba 3.4.x (x =  8 and 17):

wbinfo -D DOMAIN2012X
Name              : DOMAIN2012X
Alt_Name          : domain.2012.a.com
SID               : S-1-5-21-2994637511-790031978-1797744665
Active Directory  : Yes
Native            : Yes
Primary           : No

And when I included the Linux machine in DOMAIN2012X with Samba 3.6.x, 
only users from Domain2012X and Domain2012Y could log on to it.
winbind  -m didn't show Domain2003A and its sons.

I put the Linux Samba machine in domain (in all cases) with the command: 
net ads join -U userAdd

My security mode in smb.conf is ads and I have krb5.conf and smb.conf's 
realm configured.

So, what's the possible problem?


