
Re: [Samba] Winbind with krb5auth for trust users




Hi,

thanks for the answer. Just to repeat, because I have to decide what to do.

I would be able to realize an authentication WITHOUT krb5auth in case of a one way external trust for trusted Domain users (wbinfo -a).
I would NOT be able to realize an authentication WITH krb5auth in case of a one way external trust for trusted Domain users (wbinfo -K).

Is there another trust type, e.g. forest trust, which is possible to use if the trust is one way?

Regards,
Andreas
________________________________________
From: samba <samba-bounces@xxxxxxxxxxxxxxx> on behalf of Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
Sent: Tuesday, 22 August 2017 17:42
To: samba@xxxxxxxxxxxxxxx
Subject: Re: [Samba] Winbind with krb5auth for trust users

On Tue, 22 Aug 2017 17:18:59 +0200
Andreas Hauffe via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hi,
>
> the external trust, we have, is a one directional external trust. So
> users of the trusted dom can logon on local dom clients, but not the
> other way around. In case of "wbinfo -a" all communication is between
> the client and the domain controller of the local domain, which is
> the proxy for the auth process. In case of "wbinfo -K" all
> communication is between the client and a trusted domain controller
> and the client does not have any rights/credentials there. Perhaps,
> that's why I'm getting a
>
> No logon servers Could not authenticate user [GLOBALDOM\globdomuser]
> with Kerberos
>

Ah, I do not think that Samba supports one way trusts (yet)

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
