[Samba] Strange Problem with Samba and WIndows 2012 Domain forest
Ricardo Carlini Sperandio
rcarlini at gmail.com
Tue Mar 12 14:16:41 MDT 2013
Hello,
I work in a corp with a lot of active directory domains (20 in total)
in a forest, these 18 are in windows 2003 with '2003 level mode' and
twin in AD 2012 with '2012 level mode'.
There is a domain hierarchy like this:
. Domain2003A <----------Trust
relation------------->Doman2012X<------Trust relation----->Domain2012Y
|- Domain2003B
|- Domain2003C
.
.
.
|-Domain2003R
The problem is:
When I put the Linux machine with Samba 3.5.x or 3.6.x in Domain2003C
(son of Domain2003A) all users in domains sons of Domain2003A
(Domain2003A...Domain2003R) can login on this. But users of Domain2012X
(and 2012Y) can't do.
When I did a winbind -D domain2012X I got:
In Samba 3.5.x
Could not get domain info
in Samba 3.6.x
failed to call wbcDomainInfo: WBC_ERR_DOMAIN_NOT_FOUND
Could not get domain info
But in Samba 3.4.x (x = 8 and 17):
wbinfo -D DOMAIN2012X
Name : DOMAIN2012X
Alt_Name : domain.2012.a.com
SID : S-1-5-21-2994637511-790031978-1797744665
Active Directory : Yes
Native : Yes
Primary : No
And when I included the Linux Machine in DOMAIN2012X with samba 3.6.x
only users from Doman2012X and Doman2012Y could logon on it.
winbind -m didn't show the Domain2003A and his sons.
I put the Linux Samba machine in domain (in all cases) with the command:
net ads join -U userAdd
My security mode in smb.conf is ads and I have krb5.conf and smb.conf's
realm configured.
So, what's the possible problem?
Regards
Ricardo
More information about the samba
mailing list