[SOLVED] Samba and forest of MS Domain

[romanov.df]

Hello gentlemen!
There are two domains - D1 and D2
Between them, a trust relationship, ie users can log in to the same domain on the account of another.

Server on 9.1.0.1 - Sandstorm (457). Samba 3.6.9
When logging in the domain D1 through command "net join" in the output of wbinfo-u-g no user and group D2. And just the opposite, when they log in D2 do not have any of the D1.

Immediately after logging into the domain

Code: Select all

# Wbinfo-m
BUILTIN
SHD
D1

Before it was set to SentOS 5, like in Kerberos - worked fine in both domains.

Now checked on CentOS 6.3 with configs from NAS4Free.

Code: Select all

$ Wbinfo-m
BUILTIN
SHD_LOGON
D2
D1

Code: Select all

$ Wbinfo-u
terentyev_du
palkus_va
romanov
new_test
testuser
D1 + krt1 $
D1 + administrator
D1 + pasha
D1 + guest
D1 + krbtgt

I apologize for the translation.

[daoyama]

There are two domains - D1 and D2
Between them, a trust relationship, ie users can log in to the same domain on the account of another.

I don't have two ADs, but the config have by default:

allow trusted domains = No

Please, try to add following to Auxiliary parameters:

allow trusted domains = Yes

Thanks,
Daisuke Aoyama

[romanov.df]

Thanks, all good.

In http://www.samba.org/samba/docs/man/man ... onf.5.html says that by default this option is enabled.