Can someone kindly have a look?

kinit works well both for AD1 and AD2 but winbind -a still failed.

[root@dal05lnx02 ~]$ kinit xfwang@AD2.LOCAL
Password for xfwang@AD2.LOCAL:
[root@dal05lnx02 ~]$

[root@dal05lnx02 ~]$ kinit xfwang@AD2.LOCAL
Password for xfwang@AD2.LOCAL:
[root@dal05lnx02 ~]$


From: xfwangbest
Sent: 2013-09-06 03:13
To: samba
Subject: Fail to login from trusted AD: NT_STATUS_TRUSTED_DOMAIN_FAILURE

Hello

I have two MS AD 2008, let's say AD1 and AD2. They have a bi-directional trust
relationship. I have two Linux servers joined to AD2, let's say LNX1 and
LNX2.
On LNX1, it can authenticate any user from both AD1 and AD2. However, on LNX2,
it can only authenticate users in AD2 but fails against AD1. It reports
NT_STATUS_TRUSTED_DOMAIN_FAILURE (0xc000018c).
I'm sure the smb.conf has the same settings on LNX1 and LNX2. I set the log
level = 3 but found nothing helpful in the log.

I attach the conf and error as follows; I hope somebody can give me some tips.
Thanks

Leo


The core section in smb.conf:
[global]
   workgroup = AD1
   realm = AD1.LOCAL
   security = ads
   idmap config * : range = 16777216-33554431
   template shell = /bin/bash
   winbind use default domain = false
   winbind offline logon = false
   winbind enum users = yes
   winbind enum groups = yes

The error:
[root@dal05lnx02 samba]# wbinfo -a "AD1\username"%password
plaintext password authentication failed
Could not authenticate user AD1\username"%password with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_TRUSTED_DOMAIN_FAILURE (0xc000018c)
error message was: Trusted domain failure
Could not authenticate user AD1\username with challenge/response
[root@dal05lnx02 samba]# wbinfo -a "AD2\username"%password
plaintext password authentication succeeded
challenge/response password authentication succeeded

[root@dal05lnx01 samba]# wbinfo -a "AD1\username"%password
plaintext password authentication succeeded
challenge/response password authentication succeeded
[root@dal05lnx01 samba]# wbinfo -a "AD2\username"%password
plaintext password authentication succeeded
challenge/response password authentication succeeded