[Samba] winbind join ad via the trust forest's child domain user failed.

[Rowland Penny]

On Sat, 01 Oct 2016 23:20:01 +0000
Fay zhang via samba <samba at lists.samba.org> wrote:

> Hi all,
> I want to let linux server join ad by using a trust ad's child domain
> user, but failed with error.
> below is my env and what I have try
> 
> I have 3 domain controller: test.com,demo.com and chn.demo.com
> 
> test.com with demo.com is two way trust. and chn.demo.com is the child
> domain of demo.com
> 
>  demo at demo.com chn at chn.demo.com can  join ad member to test.com
> 
> I have tested demo at demo.com chn at chn.demo.com let win server  join the
> test.com domain  all is ok.
> 
> but when I do this under linux(centos7) via
> winbind(samba-winbind-4.2.10-7.el7_2.x86_64)  demo at demo.com is ok,
> but chn at chn.demo.com just can't work.
> 
> success:
> [root at test01 ~]# net ads join -U demo at demo.com%Test123
> Using short domain name -- TEST
> Joined 'TEST01' to dns domain 'test.com'
> 
> 
> with error:
> [root at test01 ~]# net ads join -U chn at chn.demo.com%Test123
> Failed to join domain: failed to lookup DC info for domain 'TEST.COM
> <http://test.com/>' over rpc: Logon failure
> [root at test01 ~]# net ads join -U chn\\chn%Demo123
> kerberos_kinit_password chn at TEST.COM failed: Client not found in
> Kerberos database
> Failed to join domain: failed to connect to AD: Client not found in
> Kerberos database
> 
> 
> Is anybody know weather  I miss something ? or how to use  child
> domains user join ad via winbind?
> 
> thanks
> Firxiao

AS far as I am aware, child domains are not (yet) supported

Rowland