samba-users May 2010 archive
Main Archive Page > Month Archives  > samba-users archives
samba-users: Re: [Samba] Windows 2008 R2 / one way trust / Samba

Re: [Samba] Windows 2008 R2 / one way trust / Samba

From: Duffey, Blake A. <Blake.Duffey_at_nospam>
Date: Thu May 06 2010 - 19:33:05 GMT
To: <samba@lists.samba.org>

I'm pretty sure Windows 2003 domain is native 2k3

I don't believe these settings are specific to Windows 2008 R2. Before
I upgraded the 'lab' domain (from 2008 to 2008R2), things worked
(although I think it was using NTLM, which isn't optimal)

I should have added - we aren't using winbind

-----Original Message-----
From: samba-bounces@lists.samba.org
[mailto:samba-bounces@lists.samba.org] On Behalf Of Gaiseric Vandal
Sent: Thursday, May 06, 2010 3:17 PM
To: samba@lists.samba.org
Subject: Re: [Samba] Windows 2008 R2 / one way trust / Samba

Was the Win 2003 domain in mixed mode or 2000/2003 native?

Also, Win 2008 has some security settings changes that you may want to
change back to "weaker" settings.

http://support.microsoft.com/kb/889030/en-us

Does "wbinfo -u" on the linux machine list users in the trusted
(corporate) domain? If so, does "getent passwd" show them? (Presuming
that previously it did.)

On 05/06/2010 02:42 PM, Duffey, Blake A. wrote:
> Here is our configuration - we have a Windows 2003 domain I'll call
> 'corporate' and a Windows 2008 domain I'll call 'lab'. There is a
> one-way trust (users can log into 'lab' machines using 'corporate'
> creds). We have a linux box running samba that is a member of 'lab'.
> Users log into their Windows machines using a 'corporate' credential
and
> can seamlessly get to samba.
>
>
>
> Yesterday I upgraded 'lab' to Windows 2008R2 - and things blew up from
> there.
>
>
>
> Users are prompted to authenticate when connecting to the samba
system,
> and the server log shows NT_STATUS_NO_SUCH_USER.
>
>
>
> To resolve, we've removed/re-joined to the domain and upgraded to
samba
> 3.5.2
>
>
>
> If I log into a lab system with a lab ID, I can get to samba.
>
>
>
> But nothing from the trusted domain works.
>
>
>
> Any insight greatly appreciated.
>
>
>
>
>
>

-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba