[Samba] samba4 domain member and multiple domains

[Henrik Hudson]

Hello.

I've got a samba4 domain member server. It works fine for the joined
domain, but I'm not able to let user from a different domain get
access. This worked fine on my samba3 member server, but I don't
remember if I did anything special.

I do have authentication set on the AD object for the users in
question and we have a one-way trust with the other domain. All DCs
are Windows servers.

DOMA = my domain
DOMB = other domain

wbinfo -m   lists both domains, among others
wbinfo --online-status shows DOMA as online, DOMB as offline

wbinfo -D DOMA works and shows everything as "Yes".
wbinfo -D DOMB works, but shows everything as "No", including the
"Active Directory" field. My samba3 machine shows "Yes".

wbinfo -i DOMA\user works.
wbinfo -i DOMB\user doesn't. I'm 100% positive the user exists. This
works on my Samba3 machine. On samba4 it throws:
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user DOMB\user


My samba3 machine doesn't even have a krb5.conf file, although it
generated one in /var/db/samba . DOMB isn't listed in it.

My current krb5.conf:
[libdefaults]
	default_realm = DOMA
	clockskew = 300
	dns_lookup_realm = true
	dns_lookup_kdc = true
	forwardable = yes

[domain_realm]
	DOMA = DOMA
	.DOMA = DOMA
	DOMB.realm = DOMB.realm
	.DOMB.realm = DOMB.realm


[realms]
DOMA = {
        kdc = ds1.DOMA.realm
        kdc = ds2.DOMA.realm
        kdc = ds3.DOMA.realm

        admin_server = ds1.DOMA
        default_domain = DOMA

}

DOMB.realm = {
        kdc = dc05.DOMB.realm
        kdc = dc07.DOMB.realm
        kdc = dc08.DOMB.realm
        admin_server = dc05.DOMB.realm
        default_domain = DOMB.realm


}
How do I get my DOMB to be "active directory" enabled and be marked "online"?


henrik


-- 
Henrik Hudson
lists at rhavenn.net
-----------------------------------------
"God, root, what is difference?" Pitr; UF