Hi, I've been searching a solution for this with no luck for the last 5 days, so I thought I'd finally need help. We have a ADS primary domain, samba 3.0..4-6.3E on RHEL as a domain member. The parent domain say MEDIA.COM has a child domain CHILD.MEDIA.COM. People from the parent domain can access tha shares with no problem , but I can't find a way to make users from the child domain access any share. We use winbind for auth, and security=ads. I've been trying to add valid users to the share via: valid users = CHILD\user CHILD.MEDIA.COM\user Here's a short cut of my smb.conf : realm : MEDIA.COM auth methods = winbind security = ads password server = ip_parentdomain_dc ip_childdomain_dc and here's krb5.conf: [realms] MEDIA.COM = { kdc = ip_parentdomain_dc:88 admin_server = ip_parentdomain_dc:749 default_domain = media.com } [domain_realm] media.com = MEDIA.COM .media.com = MEDIA.COM [kdc] profile = /var/kerberos/krb5kdc/kdc.conf (this file doesn't exist.....) If I try to access share \\mediasrvsamba\data from a winxp pc where I'm logged as CHILD\user I get an error in the logs saying "couldn't find user MEDIA\user". I guess it cannot find it because it is searching in the parent domain rather than the child domain. Thanks very much for any help, hope I've been able to explain myself. Simone -- Email.it, the professional e-mail, gratis per te: http://www.email.it/f Sponsor: La vera mozzarella di Bufala Campana la trovi fresca su Terrasolis.com, provala! Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=2499&d=15-9
I'll try to post it again...... Have a nice day Simone wrote:> Hi, > I've been searching a solution for this with no luck for the last 5 > days, so I thought I'd finally need help. > We have a ADS primary domain, samba 3.0..4-6.3E on RHEL as a domain > member. The parent domain say MEDIA.COM has a child domain > CHILD.MEDIA.COM. People from the parent domain can access tha shares > with no problem , but I can't find a way to make users from the child > domain access any share. We use winbind for auth, and security=ads. > I've been trying to add valid users to the share via: > valid users = CHILD\user CHILD.MEDIA.COM\user > > Here's a short cut of my smb.conf : > > realm : MEDIA.COM > auth methods = winbind > security = ads > password server = ip_parentdomain_dc ip_childdomain_dc > > and here's krb5.conf: > > [realms] > MEDIA.COM = { > kdc = ip_parentdomain_dc:88 > admin_server = ip_parentdomain_dc:749 > default_domain = media.com > } > > [domain_realm] > media.com = MEDIA.COM > .media.com = MEDIA.COM > > [kdc] > profile = /var/kerberos/krb5kdc/kdc.conf (this file doesn't exist.....) > > If I try to access share \\mediasrvsamba\data from a winxp pc where > I'm logged as CHILD\user I get an error in the logs saying "couldn't > find user MEDIA\user". > I guess it cannot find it because it is searching in the parent domain > rather than the child domain. > > Thanks very much for any help, hope I've been able to explain myself. > Simone > > > -- > Email.it, the professional e-mail, gratis per te: http://www.email.it/f > > Sponsor: > La vera mozzarella di Bufala Campana la trovi fresca su > Terrasolis.com, provala! > Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=2499&d=15-9