Hi, I have a Linux box that is joined to a Windows domain (DOMAIN.A.local); users from DOMAIN.A.local can log in perfectly. DOMAIN.A.local trusts another domain (DOMAIN.B.local); users from DOMAIN.B.local cannot log in, but it does seem to be able to enumerate the users and groups from DOMAIN.B.local.
(Windows boxes log in with the trusted domain users fine.)
Firstly, is it actually possible to configure the Linux box to allow logins from trusted domains?
Secondly, if it is possible, what config settings do I need to get it to work?
Below is what I currently have configured:
smb.conf:
[global]
workgroup = domain-a
security = ads
allow trusted domains = yes
realm = domain.a.local
password server = dc.domain.a.local
domain logons = no
template homedir = /home/%D/%U
template shell = /bin/bash
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
domain master = no
local master = no
preferred master = no
os level = 0
idmap config *:backend = tdb
idmap config *:range = 11000-20000
idmap config DOMAIN-A.local:backend = rid
idmap config DOMAIN-A.local:range = 10000000-15000000
idmap config DOMAIN-B.local:backend = rid
idmap config DOMAIN-B.local:range = 15000001-19000000
krb5.conf:
[libdefaults]
default_realm = DOMAIN-A.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
DOMAIN-A.LOCAL = {
kdc = domain-a.local
admin_server = dc.domain.a.local
}
# commented out as I'm not sure if these are needed
#DOMAIN-B.LOCAL = {
#kdc = domain-a.local
#admin_server = dc.domain.a.local
#}
[domain_realm]
.domain-a.local = DOMAIN-A.LOCAL
domain-a.local = DOMAIN-A.LOCAL
# commented out as I'm not sure if these are needed
#.domain-b.local = DOMAIN-A.LOCAL
#domain-b.local = DOMAIN-A.LOCAL
wbinfo -m:
BUILTIN
HOST)
DOMAIN-A
DOMAIN-B
wbinfo --online-status:
BUILTIN : online
HOST): online
DOMAIN-A : online
DOMAIN-B : offline
wbinfo -u:
admin
guest
krbtgt
aaron
id aaron@domain.a.local:
uid=11005(aaron) gid=11004(domain users) groups=11004(domain users),11001(BUILTIN\users)
id bob@domain.b.local:
uid=11007(domain-b\bob) gid=11024(domain-b\domain users) groups=11024(domain-b\domain users)
Any help with this would be greatly appreciated.
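As an added check (not part of the original post), the script below parses the idmap config lines of an smb.conf, flags overlapping ID ranges, lists idmap blocks whose name is not a domain winbind shows in wbinfo -m (Samba keys idmap config on the short NetBIOS domain name, so a block named DOMAIN-A.local does not match the domain DOMAIN-A), and reports which range a given uid landed in; the embedded smb.conf is a constructed sample mirroring the post.

```python
import re

# Constructed sample mirroring the idmap lines in the post (not the poster's file).
SMB_CONF = """
[global]
idmap config *:backend = tdb
idmap config *:range = 11000-20000
idmap config DOMAIN-A.local:backend = rid
idmap config DOMAIN-A.local:range=10000000-15000000
idmap config DOMAIN-B.local:backend = rid
idmap config DOMAIN-B.local:range=15000001-19000000
"""

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*(backend|range)\s*=\s*(\S+)", re.I)

def parse_idmap(conf):
    """Collect each idmap block's backend and (lo, hi) range, keyed by upper-cased name."""
    domains = {}
    for line in conf.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue
        dom, key, val = m.group(1).upper(), m.group(2).lower(), m.group(3)
        entry = domains.setdefault(dom, {})
        if key == "range":
            lo, hi = (int(x) for x in val.split("-"))
            entry["range"] = (lo, hi)
        else:
            entry["backend"] = val.lower()
    return domains

def range_overlaps(domains):
    """Pairs of idmap blocks whose ranges intersect; overlapping ranges mean ID collisions."""
    names = sorted(d for d in domains if "range" in domains[d])
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if domains[a]["range"][0] <= domains[b]["range"][1]
            and domains[b]["range"][0] <= domains[a]["range"][1]]

def unmatched_domains(domains, winbind_domains):
    """idmap blocks (other than '*') whose name is not one winbind lists in wbinfo -m."""
    known = {d.upper() for d in winbind_domains}
    return sorted(d for d in domains if d != "*" and d not in known)

def domain_for_uid(domains, uid):
    """Name the idmap block whose range contains uid; '*' means the default tdb pool."""
    for dom, entry in domains.items():
        lo, hi = entry.get("range", (1, 0))
        if lo <= uid <= hi:
            return dom
    return None
```

A uid such as 11007 falling inside the * range shows that the default tdb pool, not the per-domain rid backend, allocated it.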