winbind Across Trusted Domains
This topic has 1 reply, 1 voice, and was last updated 9 years, 9 months ago by Robert R.
Robert R. (Participant), Mar 24, 2011 at 5:47 pm, #153977

Environment:

New Active Directory forest:
- empty root domain: x.tld (Windows 2008 R2 domain controllers: dc01.x.tld and dc02.x.tld)
- child domain: prod.x.tld (Windows 2008 R2 domain controllers: dcp01.x.tld and dcp02.x.tld)
- child domain: office.x.tld (Windows 2008 R2 domain controllers: dco01.x.tld and dco02.x.tld)

All six domain controllers are VMware virtual machines currently running on the same hardware and in the same subnet (172.18.50.0), although OFFICE will be moved to another network at a later date.
User accounts reside in OFFICE, with a User Principal Name (UPN) of the form loginID@x.tld and a "Pre-Windows 2000" name of the form OFFICE\loginID.
A service account called winbind is set up in PROD : [email protected]
A Red Hat Enterprise Linux (RHEL) host is bound to PROD using winbind. The plan is to use the user credentials in OFFICE to authenticate to the RHEL hosts in PROD (and DEV when that is added to the forest at a later date).

Problem: winbind cannot retrieve information about users and groups in OFFICE, but it can for the users and groups in PROD.
Is it possible for winbind to work across trusted domains?
[[email protected] ~]# wbinfo -u
prodadmin
guest
krbtgt
x$             (empty root domain, x.tld?)
vcenteradmin
office$        (trusted domain, office.x.tld?)
winbind

[[email protected] ~]# wbinfo -g
domain computers
domain controllers
cert publishers
domain admins
domain users
domain guests
group policy creator owners
ras and ias servers
allowed rodc password replication group
denied rodc password replication group
read-only domain controllers
dnsadmins
dnsupdateproxy
dhcp users
dhcp administrators
netmon users
rdp-office     (this is the group created per http://forums.petri.com/showthread.php?t=54303 to allow office users to RDP into PROD servers)

[[email protected] ~]# id robertr
id: robertr: No such user

[[email protected] ~]# id [email protected]
id: [email protected]: No such user
(there is a delay of about 5-10 seconds before this result is returned)

[[email protected] ~]#
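As an added example (not part of Robert's post or of Samba), a small sh script that first checks an smb.conf for the two settings that most often stop winbind from resolving a trusted domain, and then, where wbinfo is installed, runs the lookups that separate "winbind does not see the trust" from "trust seen, but lookup or id mapping fails". The function names, the /etc/samba/smb.conf default path and the sample configurations in the test are mine; domain and user names (PROD, OFFICE, robertr) follow the post.

```shell
#!/bin/sh
# Added example, not from the original post. Two checks for a winbind host
# joined to PROD that must resolve users from the trusted domain OFFICE.

# Static check of an smb.conf (path in $1) for the trusted domain $2.
# Returns 0 when nothing obvious blocks the trust, 1 otherwise.
check_trust_config() {
    conf="$1"; dom="$2"; rc=0
    # "allow trusted domains = no" makes winbind ignore OFFICE entirely (default is yes).
    if grep -Eiq '^[[:space:]]*allow trusted domains[[:space:]]*=[[:space:]]*no' "$conf"; then
        echo "allow trusted domains = no: winbind will not look up $dom accounts"; rc=1
    fi
    # OFFICE SIDs need a uid/gid range: a per-domain "idmap config OFFICE : range",
    # the default-domain "idmap config * : range", or the older "idmap uid = ..." form.
    if ! grep -Eiq "^[[:space:]]*(idmap config ($dom|\\*)[[:space:]]*:[[:space:]]*range|idmap uid)[[:space:]]*=" "$conf"; then
        echo "no idmap range covers $dom: its SIDs cannot be mapped to uids"; rc=1
    fi
    return $rc
}

# Live check, run only where wbinfo is installed (the RHEL host in the post).
# Separates "winbind does not see the trust" from "trust seen, lookup or mapping fails".
diagnose_trust() {
    dom="$1"; user="$2"
    command -v wbinfo >/dev/null 2>&1 || { echo "wbinfo not installed"; return 2; }
    # wbinfo -m lists the domains winbind knows about; OFFICE must appear here first.
    wbinfo -m | grep -qix "$dom" || { echo "$dom missing from wbinfo -m: trust not visible"; return 1; }
    wbinfo --online-status | grep -i "$dom"     # is a DC for OFFICE currently reachable?
    wbinfo -D "$dom"                            # SID, trust type and DC name for OFFICE
    wbinfo -n "$dom\\$user"                     # name -> SID; works without user enumeration
    wbinfo -i "$dom\\$user"                     # SID -> uid via idmap; fails if no range covers OFFICE
}

# Usage: ./trustcheck.sh OFFICE robertr
if [ "$#" -eq 2 ]; then
    check_trust_config /etc/samba/smb.conf "$1"
    diagnose_trust "$1" "$2"
fi
```

Note that `id robertr` with no domain prefix and `id loginID@x.tld` in UPN form are not the DOMAIN\user form winbind resolves by default, so `wbinfo -n OFFICE\robertr` is the lookup to compare against.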