I have IPA domain with AD trust.
AD userc can login in IPA computers.
getent passwd ad_user@ad_domain and id ad_user@ad_domain
I can login via ssh with kerberos ticket for ad_user@ad_domain
I setup SAMBA for this article
https://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA
kinit ad_user@ad_domain
smbclient -k -L sambatest.ipa.domain
smbclient -k //sambatest.ipa.domain
It works.
\\sambatest.ipa.domain from AD domain controllers works.
But from other AD domain server (not controller) - not works.
There are login and password request
If i use ad_user@ad_domain and his password i get "There are currently no logon
servers available to service the logon request"
In samba logs:
name_resolve_bcast: Attempting broadcast lookup for name IPA<0x1c>
[2018/01/10 00:02:34.419279, 4] ../source3/libsmb/namequery.c:3193(get_dc_list)
get_dc_list: no servers found
[2018/01/10 00:02:34.419330, 3] ../source3/libsmb/namequery_dc.c:175(rpc_dc_name)
Could not look up dc's for domain IPA
[2018/01/10 00:02:34.419340, 5]
../source3/auth/auth_domain.c:298(check_ntdomain_security)
check_ntdomain_security: unable to locate a DC for domain
[2018/01/10 00:02:34.419349, 5] ../source3/auth/auth.c:252(auth_check_ntlm_password)
check_ntlm_password: winbind authentication for user [ad_user@ad_domain] FAILED with
error NT_STATUS_NO_L
OGON_SERVERS
[2018/01/10 00:02:34.419360, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [ad_user@ad_domain] ->
[ad_user@ad_domain] FAI
LED with error NT_STATUS_NO_LOGON_SERVERS
[2018/01/10 00:02:34.419370, 5] ../source3/auth/auth_ntlmssp.c:188(auth3_check_password)
Checking NTLMSSP password for \ad_user@ad_domain failed: NT_STATUS_NO_LOGON_SERVERS
[2018/01/10 00:02:34.419392, 5]
../auth/ntlmssp/ntlmssp_server.c:737(ntlmssp_server_check_password)
../auth/ntlmssp/ntlmssp_server.c:737: Checking NTLMSSP password for \ad_user@ad_domain
failed: NT_STATUS_
NO_LOGON_SERVERS
[2018/01/10 00:02:34.419405, 2]
../auth/gensec/spnego.c:768(gensec_spnego_server_negTokenTarg)
SPNEGO login failed: NT_STATUS_NO_LOGON_SERVERS
Aftrer AD controller reboot \\sambatest.ipa.domain stops work on controller
When i check relationship in Domain and Trust it works again.
IPA server name is DC
AD controller name is AD
What's wrong?
--
С уважением, Николай.