Problem adding approved domain

damien.simon28

August 7, 2023 - 4:51 PM

Hello Tranquil IT members, this is my first post, I hope I'm clear and concise.

Here's my infrastructure:
2 different domains that I want to trust together and 4 domain controllers running Samba.

Domain A:
co-cob.local
co-cob-pdc1: 192.168.1.237
co-cob-pdc2: 192.168.36.209

Domain B:
vw-cob.local
vw-cob-pdc1: 192.168.5.209
vw-cob-pdc2: 192.168.6.209

I modified the smb.conf file to add a forwarder capable of resolving these two domain names on all 4 PDCs.

When I try to trust the vw-cob.local domain on co-cob-pdc1, I get this error message on the last line.

root@co-cob-pdc1:/home/cobredia# samba-tool domain trust create VW-COB-PDC1 --type=external --direction=both --create-location=both -U administrator@VW-COB.LOCAL
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncalrpc:CO-COB-PDC1[,auth_type=ncalrpc_as_system]
LocalDomain Netbios[CO-COB] DNS[co-cob.local] SID[S-1-5-21-1035937396-3187240211-587002400]
resolve_lmhosts: Attempting lmhosts lookup for name VW-COB-PDC1
RemoteDC Netbios[VW-COB-PDC1] DNS[vw-cob-pdc1.vw-cob.local] ServerType[PDC,GC,LDAP,DS,KDC,TIMESERV,CLOSEST,WRITABLE,GOOD_TIMESERV,FULL_SECRET_DOMAIN_6]
Using binding ncacn_np:vw-cob-pdc1.vw-cob.local
resolve_lmhosts: Attempting lmhosts lookup for name vw-cob-pdc1.vw-cob.local
Password for [administrator@VW-COB.LOCAL]:
RemoteDomain Netbios[VW-COB] DNS[vw-cob.local] SID[S-1-5-21-4019542943-1451400438-4094348130]
Using binding ncalrpc:CO-COB-PDC1[,auth_type=ncalrpc_as_system]
Using binding ncacn_np:vw-cob-pdc1.vw-cob.local
resolve_lmhosts: Attempting lmhosts lookup for name vw-cob-pdc1.vw-cob.local
Creating remote TDO.
Remote TDO created.
Setting supported encryption types on remote TDO.
Creating local TDO.
Local TDO created
Setting supported encryption types on local TDO.
Validating outgoing trust...
ERROR: LocalValidation: DC[] CONNECTION[WERR_NO_LOGON_SERVERS] TRUST[WERR_NO_LOGON_SERVERS] VERIFY_STATUS_RETURNED

Do you have any idea how to unblock this?
Thank you for your help
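
A small parser for the samba-tool output quoted above, as an added example that is not part of the original post or of Samba: it reports which steps completed and breaks the final ERROR line into its fields. The function names are hypothetical, and the embedded sample is constructed from the last lines of the quoted output.

```python
import re

# Constructed sample: the tail of the samba-tool output quoted in the post.
SAMPLE = """\
Creating remote TDO.
Remote TDO created.
Setting supported encryption types on remote TDO.
Creating local TDO.
Local TDO created
Setting supported encryption types on local TDO.
Validating outgoing trust...
ERROR: LocalValidation: DC[] CONNECTION[WERR_NO_LOGON_SERVERS] TRUST[WERR_NO_LOGON_SERVERS] VERIFY_STATUS_RETURNED
"""

ERROR_RE = re.compile(r"^ERROR: (?P<stage>\w+): (?P<rest>.*)$")
FIELD_RE = re.compile(r"(\w+)\[([^\]]*)\]")          # NAME[value] pairs
TDO_RE = re.compile(r"^(Remote|Local) TDO created\.?$")

def summarize(output):
    """Return the TDOs created, the validation step reached, and the parsed error."""
    result = {"tdo_created": [], "validating": None, "error": None}
    for line in output.splitlines():
        line = line.strip()
        if m := TDO_RE.match(line):
            result["tdo_created"].append(m.group(1).lower())
        elif line.startswith("Validating ") and line.endswith("..."):
            result["validating"] = line[len("Validating "):-3]
        elif m := ERROR_RE.match(line):
            rest = m.group("rest")
            result["error"] = {
                "stage": m.group("stage"),
                "fields": dict(FIELD_RE.findall(rest)),
                "flags": FIELD_RE.sub("", rest).split(),  # bare tokens left over
            }
    return result

def findings(summary):
    """Turn the summary into short notes suitable for a ticket or mailing-list post."""
    err = summary["error"]
    if err is None:
        return []
    notes = []
    if summary["tdo_created"]:
        notes.append("TDO created on: " + ", ".join(summary["tdo_created"]))
    if summary["validating"]:
        notes.append(f"failed while validating: {summary['validating']}")
    for name, value in err["fields"].items():
        notes.append(f"{name} is empty" if value == "" else f"{name} = {value}")
    return notes

if __name__ == "__main__":
    print("\n".join(findings(summarize(SAMPLE))))
```

On the quoted output this shows that both TDOs were created and that the failure belongs to the outgoing-trust validation step, where the DC field came back empty.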
vcardon

August 7, 2023 - 7:01 PM

At TIS, I don't recall us implementing trust relationships using Samba-AD for any clients, so we have no experience with that. We prefer merging domains, which increases security levels.

Have you tried searching the official Samba mailing list?
Vincent CARDON
Tranquil IT