[Samba] AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"
rpenny at samba.org
Tue Oct 29 15:35:28 UTC 2019
On 29/10/2019 15:13, Nathaniel W. Turner via samba wrote:
> On Tue, Oct 29, 2019 at 5:37 AM Rowland penny via samba <
> samba at lists.samba.org> wrote:
>> If you require help setting up Unix domain members with winbind, can I
>> suggest you read this:
> Well, I was not having problems with the actual process of joining using
> "realm join --client-software=winbind". The resulting membership also
> appears to be mostly functional, as I was able to authenticate users in all
> trusted domains (via the localhost samba test I described in my first
> message, or directly, using "wbinfo -a" or "ntlm_auth").
As far as I am aware, 'realm join' is a wrapper around 'net ads join'
and just because wbinfo works it doesn't mean that Unix knows the AD
users and groups.
> However, since it seemed important, I tried starting from scratch using the
> wiki instructions you linked to above. These seem to be incomplete, as with
> that approach, I am unable to join at all. The document first says to
> delete your smb.conf,
It doesn't any more ;-)
> and then only discusses setting up the id mapping
> section. I assume there are other things that need to go in there, but I
> was attempting to follow the instructions exactly, so that folks would
> consider my test to be valid. Have you tried following those instructions
Yes, you are quite right, they do need updating, the only problem is how?
Just what should be in a default smb.conf? I will think about this.