[Samba] can't auth against more than 1 domain
Doug Tucker
tuckerd at lyle.smu.edu
Wed Nov 13 12:54:47 MST 2013
I have 2 samba servers. One with centos5+samba 3.033 that has been in
service for a few years now. I have installed a centos6+samba 3.6.9. I
followed the how-to I did with the first one, copied over the krb5.conf
and smb.conf from the working server and all seemed to go well. It is a
member server of a Windows AD. We have 2 DCs that are part of the same
forest: SEAS and SEAS-S. I joined the new one like the old one to the
SEAS domain. The problem I have run into is the new server will only
auth users in the domain it is joined to (SEAS) and cannot get users
from SEAS-S. If I check for trusted domains with net rpc trustdom, SEAS-S
shows up under trusted and trusting. If I do wbinfo -u | grep SEAS I
get a full list of users in the SEAS domain. But wbinfo -u | grep
SEAS-S comes back blank.

I don't know what to provide to help solve this so I'll post some
basics I guess.

krb5.conf:

[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

[libdefaults]
    default_realm = SEAS.ENGR.SMU.EDU
    dns_lookup_realm = false
    dns_lookup_kdc = false
    ticket_lifetime = 24h
    forwardable = true

[realms]
    SEAS.ENGR.SMU.EDU = {
        kdc = seas.engr.smu.edu:88
        admin_server = seas.engr.smu.edu:749
        default_domain = engr.smu.edu
    }
    SEAS-S.ENGR.SMU.EDU = {
        kdc = seas-s.engr.smu.edu:88
        admin_server = seas-s.engr.smu.edu:749
        default_domain = engr.smu.edu
    }

[domain_realm]
    .engr.smu.edu = SEAS.ENGR.SMU.EDU
    engr.smu.edu = SEAS.ENGR.SMU.EDU

[appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }

Globals of smb.conf:

    workgroup = SEAS
    realm = SEAS.ENGR.SMU.EDU
    security = ADS
    encrypt passwords = yes
    passdb backend = tdbsam
    obey pam restrictions = no
    invalid users = root
    username map = /etc/samba/domain_user.map
    winbind separator = +
    winbind cache time = 600
    idmap uid = 19000-20000
    idmap gid = 19000-20000

Please let me know what else I may provide to help solve this. I found
some threads on this issue that were several years old in regard to
3.028 having this issue and it was patched in a later release. I can't
find anything current about this. Thank you in advance.
--
Sincerely,
Doug Tucker