[Samba] Winbind with krb5auth for trust users
Andreas Hauffe
andreas.hauffe at tu-dresden.de
Wed Aug 23 05:29:27 UTC 2017
Hi,
thanks for the answer. Just to repeat, cause I have to decide what to do.
I would be able to realize a authentication WITHOUT krb5auth in case of a one way external trust for trusted Domain users (wbinfo -a).
I would NOT be able to realize a authentication WITH krb5auth in case of a one way external trust for trusted Domain users (wbinfo -K).
Is there a other trust type, e.g. forest trust, which is possible to use if the trust is one way?
Regards,
Andreas
________________________________________
Von: samba <samba-bounces at lists.samba.org> im Auftrag von Rowland Penny via samba <samba at lists.samba.org>
Gesendet: Dienstag, 22. August 2017 17:42
An: samba at lists.samba.org
Betreff: Re: [Samba] Winbind with krb5auth for trust users
On Tue, 22 Aug 2017 17:18:59 +0200
Andreas Hauffe via samba <samba at lists.samba.org> wrote:
> Hi,
>
> the external trust, we have, is a one directional external trust. So
> users of the trusted dom can logon on local dom clients, but not the
> other way around. In case of "wbinfo -a" all communication is between
> the client and the domain controller of the local domain, which is
> the proxy for the auth process. In case of "wbinfo -K" all
> communication is between the client and a trusted domain controller
> and the client do not have any rights/credentials there. Perhaps,
> that's way I'm getting a
>
> No logon servers Could not authenticate user [GLOBALDOM\globdomuser]
> with Kerberos
>
Ah, I do not think that Samba supports one way trusts (yet)
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list