[Samba] AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"

Nathaniel W. Turner nathanielwyliet at gmail.com
Tue Oct 29 15:13:59 UTC 2019

On Tue, Oct 29, 2019 at 5:37 AM Rowland penny via samba <
samba at lists.samba.org> wrote:

> If you require help setting up Unix domain members with winbind, can I
> suggest you read this:
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Well, I was not having problems with the actual process of joining using
"realm join --client-software=winbind". The resulting membership also
appears to be mostly functional, as I was able to authenticate users in all
trusted domains (via the localhost samba test I described in my first
message, or directly, using "wbinfo -a" or "ntlm_auth").

However, since it seemed important, I tried starting from scratch using the
wiki instructions you linked to above. These seem to be incomplete, as with
that approach, I am unable to join at all. The document first says to
delete your smb.conf, and then only discusses setting up the id mapping
section. I assume there are other things that need to go in there, but I
was attempting to follow the instructions exactly, so that folks would
consider my test to be valid. Have you tried following those instructions

(Btw, I should mention that yes, forward and reverse DNS is configured
correctly here.)

