Robert R. (Participant), Mar 24, 2011 at 5:47 pm, #153977
New active directory forest
empty root domain: x.tld (Windows 2008 R2 domain controllers: dc01.x.tld and dc02.x.tld)
child domain: prod.x.tld (Windows 2008 R2 domain controllers: dcp01.x.tld and dcp02.x.tld)
child domain: office.x.tld (Windows 2008 R2 domain controllers: dco01.x.tld and dco02.x.tld)
All six domain controllers are VMware virtual machines currently running on the same hardware and in the same subnet (172.18.50.0), although OFFICE will be moved to another network at a later date.
User accounts reside in OFFICE, with a User Principal Name (UPN) of the form loginID@x.tld, and a "Pre-Windows 2000" name of the form OFFICE\loginID.
A service account called winbind is set up in PROD: [email protected]
A Red Hat Enterprise Linux (RHEL) host is bound to PROD using winbind. The plan is to use the user credentials in OFFICE to authenticate to the RHEL hosts in PROD (and DEV when that is added to the forest at a later date).
Problem: winbind cannot retrieve information about users and groups in OFFICE, but it can for the users and groups in PROD.
Is it possible for winbind to work across trusted domains?

[[email protected] ~]# wbinfo -u
x$          (empty root domain, x.tld?)
office$     (trusted domain, office.x.tld?)
[[email protected] ~]# wbinfo -g
group policy creator owners
ras and ias servers
allowed rodc password replication group
denied rodc password replication group
read-only domain controllers
rdp-office  (this is the group created per http://forums.petri.com/showthread.php?t=54303 to allow OFFICE users to RDP into PROD servers)
[[email protected] ~]# id robertr
id: robertr: No such user
[[email protected] ~]#
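An added example, not code from the thread or from Samba: a small POSIX shell script that checks an smb.conf for the settings winbind needs before it can map users of a trusted domain (trusted domains allowed, a separate, non-overlapping idmap range for that domain), and then, only if wbinfo is installed on the host, runs the lookups with the domain qualifier, since an unqualified name such as `robertr` is looked up in the joined domain (PROD here) only, and `wbinfo -u` without `--domain` lists only that domain's users. PROD, OFFICE, x.tld and robertr are taken from the post; the two sample configurations, the idmap ranges and the `+` separator are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread: check whether an smb.conf lets winbind
# map users of a trusted domain, then (only if winbind is installed here) run
# the lookups with the domain qualifier. PROD, OFFICE and robertr come from the
# thread; the sample configurations, idmap ranges and '+' separator are assumed.

# smbconf_get FILE KEY: print the value of KEY from [global]; exit 1 if absent.
# Key comparison ignores case and spacing, as Samba does, so
# "idmap config OFFICE:range" and "idmap config office : range" are one key.
smbconf_get() {
    awk -v key="$2" '
        function norm(s) {
            s = tolower(s)
            gsub(/[ \t]+/, " ", s); gsub(/ ?: ?/, " : ", s)
            sub(/^ /, "", s); sub(/ $/, "", s)
            return s
        }
        BEGIN { key = norm(key) }
        /^[ \t]*\[/ { insec = (tolower($0) ~ /\[global\]/); next }
        /^[ \t]*[#;]/ { next }
        insec && /=/ {
            k = $0; sub(/=.*/, "", k)
            v = $0; sub(/^[^=]*=/, "", v)
            sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            if (norm(k) == key) val = v
        }
        END { if (val == "") exit 1; print val }
    ' "$1"
}

# ranges_overlap LOW-HIGH LOW-HIGH: succeed if the two idmap ranges intersect.
ranges_overlap() {
    a=$(printf '%s' "$1" | tr -d ' '); b=$(printf '%s' "$2" | tr -d ' ')
    [ "${a%-*}" -le "${b#*-}" ] && [ "${b%-*}" -le "${a#*-}" ]
}

# trusted_domain_check FILE DOMAIN: succeed if FILE gives winbind what it needs
# to map users of trusted DOMAIN; otherwise print each problem and fail.
trusted_domain_check() {
    f=$1; dom=$2; rc=0
    atd=$(smbconf_get "$f" 'allow trusted domains') || atd=yes   # Samba default
    [ "$(printf '%s' "$atd" | tr 'A-Z' 'a-z')" = yes ] ||
        { echo "allow trusted domains = $atd: trusted users are never looked up"; rc=1; }
    range=$(smbconf_get "$f" "idmap config $dom : range") ||
        { echo "no 'idmap config $dom : range': $dom users get no uid/gid"; rc=1; }
    dflt=$(smbconf_get "$f" 'idmap config * : range') || dflt=$(smbconf_get "$f" 'idmap uid') || true
    if [ -n "$range" ] && [ -n "$dflt" ] && ranges_overlap "$range" "$dflt"; then
        echo "range for $dom ($range) overlaps the default range ($dflt)"; rc=1
    fi
    return $rc
}

# lookup_trusted_user DOMAIN USER: winbind-side lookups for a user in a trusted
# domain, always qualified with the domain. Skipped when wbinfo is absent.
lookup_trusted_user() {
    command -v wbinfo >/dev/null 2>&1 || { echo "wbinfo not installed; live checks skipped"; return 0; }
    sep=$(smbconf_get /etc/samba/smb.conf 'winbind separator' 2>/dev/null) || sep='\'
    wbinfo -m                    # trusted domains winbindd sees; DOMAIN must be listed
    wbinfo --domain="$1" -u      # plain 'wbinfo -u' lists only the joined domain
    wbinfo -n "$1$sep$2"         # name -> SID through the trust
    getent passwd "$1$sep$2"     # what 'id' sees; an unqualified name is looked up in PROD only
}

# Constructed sample configurations (assumed): before.conf maps only the joined
# domain; after.conf adds a separate, non-overlapping range for OFFICE.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/before.conf" <<'EOF'
[global]
   workgroup = PROD
   realm = PROD.X.TLD
   security = ads
   idmap uid = 10000-19999
   winbind use default domain = yes
EOF
cat > "$SAMPLE_DIR/after.conf" <<'EOF'
[global]
   workgroup = PROD
   realm = PROD.X.TLD
   security = ads
   allow trusted domains = yes
   winbind separator = +
   winbind use default domain = yes
   idmap config * : backend = tdb
   idmap config * : range = 10000-19999
   idmap config PROD : backend = rid
   idmap config PROD : range = 20000-29999
   idmap config OFFICE : backend = rid
   idmap config OFFICE : range = 30000-39999
EOF

for c in before after; do
    if trusted_domain_check "$SAMPLE_DIR/$c.conf" OFFICE; then
        echo "$c.conf: OFFICE users can be mapped"
    else
        echo "$c.conf: OFFICE users will not resolve"
    fi
done
lookup_trusted_user OFFICE robertr
```

On a real host, point `trusted_domain_check` at `/etc/samba/smb.conf` and restart winbind after any idmap change; once the trusted domain has its own range, `getent passwd 'OFFICE+robertr'` (or `OFFICE\robertr` with the default separator) is the form to test, because `winbind use default domain` only drops the prefix for the joined domain.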
Robert R. (Participant), Apr 15, 2011 at 2:39 pm, #353179
Re: winbind Across Trusted Domains
I’m not going to pretend to understand what the Unix admins did, but the workaround at this point is to have the users log in with their credentials in the format of
when they need to access Unix/Linux hosts and applications.
Logging into Windows hosts and applications works as expected with OFFICE\userID and userID@x.tld credentials.