[Samba] AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"
Nathaniel W. Turner
nathanielwyliet at gmail.com
Tue Oct 29 15:13:59 UTC 2019
On Tue, Oct 29, 2019 at 5:37 AM Rowland penny via samba <
samba at lists.samba.org> wrote:
>
> If you require help setting up Unix domain members with winbind, can I
> suggest you read this:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
Well, I was not having problems with the actual process of joining using
"realm join --client-software=winbind". The resulting membership also
appears be mostly functional, as I was able to authenticate users in all
trusted domains (via the localhost samba test I described in my first
message, or directly, using "wbinfo -a" or "ntml_auth").
However, since it seemed important, I tried starting from scratch using the
wiki instructions you linked to above. These seem to be incomplete, as with
that approach, I am unable to join at all. The document first says to
delete your smb.conf, and then only discusses setting up the id mapping
section. I assume there are other things that need to go in there, but I
was attempting to follow the instructions exactly, so that folks would
consider my test to be valid. Have you tried following those instructions
recently?
(Btw, I should mention that yes, forward and reverse DNS is configured
correctly here.)
n
More information about the samba
mailing list