[Samba] winbind join ad via the trust forest's child domain user failed.

Fay zhang firxiaowork at gmail.com
Sat Oct 1 23:20:01 UTC 2016


Hi all,
I want to join a Linux server to AD using a user from a trusted AD's child domain,
but it failed with an error.
Below is my environment and what I have tried.

I have 3 domain controllers: test.com, demo.com and chn.demo.com.

test.com and demo.com have a two-way trust, and chn.demo.com is the child
domain of demo.com.

demo@demo.com and chn@chn.demo.com can join AD members to test.com.

I have tested using demo@demo.com and chn@chn.demo.com to join a Windows server
to the test.com domain; all is OK.

But when I do this under Linux (CentOS 7) via
winbind (samba-winbind-4.2.10-7.el7_2.x86_64), demo@demo.com is OK,
but chn@chn.demo.com just doesn't work.

Success:
[root@test01 ~]# net ads join -U demo@demo.com%Test123
Using short domain name -- TEST
Joined 'TEST01' to dns domain 'test.com'


With error:
[root@test01 ~]# net ads join -U chn@chn.demo.com%Test123
Failed to join domain: failed to lookup DC info for domain 'TEST.COM' over rpc: Logon failure
[root@test01 ~]# net ads join -U chn\\chn%Demo123
kerberos_kinit_password chn@TEST.COM failed: Client not found in Kerberos database
Failed to join domain: failed to connect to AD: Client not found in Kerberos database


Does anybody know whether I missed something, or how to use a child domain's
user to join AD via winbind?

Thanks
Firxiao

