The issue is resolved. As it turned out, Samba can establish direct relationships with domains only in domain controller mode (for now we have decided that using this is undesirable). In domain member mode Samba does not see untrusted domains, because it sees only what the AD server of the domain it is joined to sees. So you need to set up at least a one-way trust, or transitive trust, to the domain that wants to reach the resources of the Samba server.
I found some useful explanations on this topic here:
http://stuff.mit.edu/afs/sipb/project/s ... rusts.html
http://technet.microsoft.com/en-us/libr ... S.10).aspx
Once a trust relationship to the new domain had been established here, everything started working.
[2011/03/25 18:27:21, 3] winbindd/winbindd_cm.c:1597(connection_ok)
connection_ok: Connection to HOLDER for domain SAMARA is not connected
[2011/03/25 18:27:21, 3] libsmb/namequery.c:1309(resolve_hosts)
resolve_hosts: Attempting host lookup for name HOLDER<0x20>
[2011/03/25 18:27:21, 3] libsmb/namequery.c:1328(resolve_hosts)
resolve_hosts: getaddrinfo failed for name HOLDER [hostname nor servname provided, or not known]
[2011/03/25 18:27:21, 3] libsmb/namequery.c:1091(resolve_wins)
resolve_wins: Attempting wins lookup for name HOLDER<0x20>
[2011/03/25 18:27:21, 3] libsmb/namequery.c:1095(resolve_wins)
resolve_wins: WINS server resolution selected and no WINS servers listed.
[2011/03/25 18:27:21, 3] libsmb/namequery.c:1018(name_resolve_bcast)
name_resolve_bcast: Attempting broadcast lookup for name HOLDER<0x20>
[2011/03/25 18:27:22, 2] lib/util_tdb.c:385(tdb_log)
tdb(unnamed): tdb_open_ex: could not open file /var/db/samba34/unexpected.tdb: No such file or directory
[2011/03/25 18:27:22, 2] lib/util_tdb.c:385(tdb_log)
tdb(unnamed): tdb_open_ex: could not open file /var/db/samba34/unexpected.tdb: No such file or directory
[2011/03/25 18:27:22, 2] lib/util_tdb.c:385(tdb_log)
tdb(unnamed): tdb_open_ex: could not open file /var/db/samba34/unexpected.tdb: No such file or directory
[2011/03/25 18:27:22, 2] lib/util_tdb.c:385(tdb_log)
tdb(unnamed): tdb_open_ex: could not open file /var/db/samba34/unexpected.tdb: No such file or directory
[2011/03/25 18:27:22, 2] lib/util_tdb.c:385(tdb_log)
tdb(unnamed): tdb_open_ex: could not open file /var/db/samba34/unexpected.tdb: No such file or directory
[2011/03/25 18:27:22, 2] lib/util_tdb.c:385(tdb_log)
tdb(unnamed): tdb_open_ex: could not open file /var/db/samba34/unexpected.tdb: No such file or directory
[2011/03/25 18:27:22, 2] lib/util_tdb.c:385(tdb_log)
tdb(unnamed): tdb_open_ex: could not open file /var/db/samba34/unexpected.tdb: No such file or directory
[2011/03/25 18:27:22, 2] lib/util_tdb.c:385(tdb_log)
tdb(unnamed): tdb_open_ex: could not open file /var/db/samba34/unexpected.tdb: No such file or directory
[2011/03/25 18:27:22, 2] lib/util_tdb.c:385(tdb_log)
tdb(unnamed): tdb_open_ex: could not open file /var/db/samba34/unexpected.tdb: No such file or directory
[2011/03/25 18:27:22, 3] winbindd/winbindd_cm.c:1597(connection_ok)
connection_ok: Connection to dc01.domen.ru for domain domen.ru is not connected
[2011/03/25 18:27:22, 3] libsmb/namequery.c:1309(resolve_hosts)
resolve_hosts: Attempting host lookup for name dc01.domen.ru<0x20>
[2011/03/25 18:27:22, 3] libsmb/namequery.c:1974(get_dc_list)
get_dc_list: preferred server list: ", *"
[2011/03/25 18:27:29, 1] libads/cldap.c:156(recv_cldap_netlogon)
no reply received to cldap netlogon (select timeout 7 sec)
[2011/03/25 18:27:29, 3] libads/ldap.c:218(ads_try_connect)
ads_try_connect: CLDAP request 192.168.96.50 failed.
[2011/03/25 18:27:29, 3] libads/ldap.c:621(ads_connect)
Successfully contacted LDAP server 10.48.34.50
[2011/03/25 18:27:29, 3] libsmb/namequery.c:1974(get_dc_list)
get_dc_list: preferred server list: ", *"
[2011/03/25 18:27:29, 3] libsmb/namequery.c:1974(get_dc_list)
get_dc_list: preferred server list: ", *"
[2011/03/25 18:27:29, 3] libsmb/namequery.c:1974(get_dc_list)
get_dc_list: preferred server list: ", *"
[2011/03/25 18:27:29, 3] libsmb/namequery.c:1974(get_dc_list)
get_dc_list: preferred server list: ", *"
[2011/03/25 18:27:29, 3] libads/ldap.c:621(ads_connect)
Successfully contacted LDAP server 10.48.34.50
[2011/03/25 18:27:29, 3] libsmb/namequery.c:1974(get_dc_list)
get_dc_list: preferred server list: ", *"
[2011/03/25 18:27:29, 3] libsmb/namequery.c:1974(get_dc_list)
get_dc_list: preferred server list: ", *"
[2011/03/25 18:27:29, 3] libsmb/cliconnect.c:940(cli_session_setup_spnego)
Doing spnego session setup (blob length=136)
[2011/03/25 18:27:29, 3] libsmb/cliconnect.c:967(cli_session_setup_spnego)
got OID=1.3.6.1.4.1.311.2.2.30
[2011/03/25 18:27:29, 3] libsmb/cliconnect.c:967(cli_session_setup_spnego)
got OID=1.2.840.48018.1.2.2
[2011/03/25 18:27:29, 3] libsmb/cliconnect.c:967(cli_session_setup_spnego)
got OID=1.2.840.113554.1.2.2
[2011/03/25 18:27:29, 3] libsmb/cliconnect.c:967(cli_session_setup_spnego)
got OID=1.2.840.113554.1.2.2.3
[2011/03/25 18:27:29, 3] libsmb/cliconnect.c:967(cli_session_setup_spnego)
got OID=1.3.6.1.4.1.311.2.2.10
[2011/03/25 18:27:29, 3] libsmb/cliconnect.c:975(cli_session_setup_spnego)
got principal=not_defined_in_RFC4178@please_ignore
[2011/03/25 18:27:29, 3] libsmb/cliconnect.c:1019(cli_session_setup_spnego)
cli_session_setup_spnego: got a bad server principal, trying to guess ...
[2011/03/25 18:27:29, 3] libsmb/cliconnect.c:1048(cli_session_setup_spnego)
cli_session_setup_spnego: guessed server principal=open-dc01$@domen.ru
[2011/03/25 18:27:29, 2] libsmb/cliconnect.c:739(cli_session_setup_kerberos)
Doing kerberos session setup
[2011/03/25 18:27:29, 3] libsmb/clikrb5.c:620(ads_cleanup_expired_creds)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Sat, 26 Mar 2011 04:27:29 MSK
[2011/03/25 18:27:29, 3] libsmb/namequery.c:1309(resolve_hosts)
resolve_hosts: Attempting host lookup for name Holder.SAMARA.RU<0x20>
[2011/03/25 18:27:29, 3] libsmb/cliconnect.c:940(cli_session_setup_spnego)
Doing spnego session setup (blob length=109)
[2011/03/25 18:27:29, 3] libsmb/cliconnect.c:967(cli_session_setup_spnego)
got OID=1.2.840.48018.1.2.2
[2011/03/25 18:27:29, 3] libsmb/cliconnect.c:967(cli_session_setup_spnego)
got OID=1.2.840.113554.1.2.2
[2011/03/25 18:27:29, 3] libsmb/cliconnect.c:967(cli_session_setup_spnego)
got OID=1.2.840.113554.1.2.2.3
[2011/03/25 18:27:29, 3] libsmb/cliconnect.c:967(cli_session_setup_spnego)
got OID=1.3.6.1.4.1.311.2.2.10
[2011/03/25 18:27:29, 3] libsmb/cliconnect.c:975(cli_session_setup_spnego)
got principal=holder$@SAMARA.RU
[2011/03/25 18:27:30, 2] libsmb/cliconnect.c:739(cli_session_setup_kerberos)
Doing kerberos session setup
[2011/03/25 18:27:30, 3] libsmb/clikrb5.c:620(ads_cleanup_expired_creds)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Sat, 26 Mar 2011 04:27:29 MSK
[2011/03/25 18:27:34, 3] winbindd/winbindd_user.c:166(winbindd_dual_userinfo)
[26084]: lookupsid S-1-5-21-823518204-616249376-839522115-2662
[2011/03/25 18:27:34, 3] winbindd/winbindd_ads.c:1203(sequence_number)
ads: fetch sequence_number for SAMARA
[2011/03/25 18:27:34, 3] libsmb/namequery.c:1974(get_dc_list)
get_dc_list: preferred server list: "Holder.SAMARA.RU, *"
[2011/03/25 18:27:34, 3] libads/ldap.c:621(ads_connect)
Successfully contacted LDAP server 192.168.100.3
[2011/03/25 18:27:34, 3] libsmb/namequery.c:1974(get_dc_list)
get_dc_list: preferred server list: "Holder.SAMARA.RU, *"
[2011/03/25 18:27:34, 3] libads/ldap.c:621(ads_connect)
Successfully contacted LDAP server 192.168.100.3
[2011/03/25 18:27:34, 3] libads/ldap.c:621(ads_connect)
Successfully contacted LDAP server 192.168.100.3
[2011/03/25 18:27:49, 3] libads/ldap.c:675(ads_connect)
Connected to LDAP server Holder.SAMARA.RU
[2011/03/25 18:27:49, 3] libads/sasl.c:780(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
[2011/03/25 18:27:49, 3] libads/sasl.c:780(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
[2011/03/25 18:27:49, 3] libads/sasl.c:780(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
[2011/03/25 18:27:49, 3] libads/sasl.c:780(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
[2011/03/25 18:27:49, 3] libads/sasl.c:789(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got server principal name = holder$@SAMARA.RU
[2011/03/25 18:27:49, 3] libsmb/clikrb5.c:687(ads_krb5_mk_req)
ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
[2011/03/25 18:27:49, 3] libsmb/clikrb5.c:620(ads_cleanup_expired_creds)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Sat, 26 Mar 2011 04:27:49 MSK
[2011/03/25 18:27:49, 3] winbindd/winbindd_ads.c:467(query_user)
ads: query_user
[2011/03/25 18:27:49, 3] winbindd/winbindd_ads.c:569(query_user)
ads query_user gave test1
Now all that is left is to update Samba. That turned out to be a snag as well.
My system: FreeBSD *** 8.0-RELEASE-p3 FreeBSD 8.0-RELEASE-p3 #0: Tue May 25 20:54:11 UTC 2010 GENERIC amd64
For reasons unknown, the Samba v3.4-3.5 ports fail to find the path to the directory with the installed kerberos at the end of the build, and stop the build.
This problem has existed for at least half a year and is mentioned on the internet:
http://forums.freebsd.org/showthread.php?t=21461
If the method mentioned there works, I will report back.
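A small triage helper for winbindd logs in the format shown above, as an added example that is not part of the original post: it pairs each header line with its message and groups the events that matter when checking whether a trusted domain's controllers are reachable. The function names and event labels are assumptions of this example; the sample records are copied from the log above.

```python
import re
from collections import defaultdict

# Header of a Samba debug record: "[date time, level] source.c:line(function)"
HEADER = re.compile(r"^\[([\d/]+ [\d:]+),\s+(\d+)\] (\S+):(\d+)\((\w+)\)$")

# Event labels (hypothetical names) and the message patterns they match.
EVENTS = {
    "dc_not_connected": re.compile(r"Connection to (\S+) for domain (\S+) is not connected"),
    "name_lookup_failed": re.compile(r"getaddrinfo failed for name (\S+)"),
    "cldap_failed": re.compile(r"CLDAP request (\S+) failed"),
    "ldap_contacted": re.compile(r"Successfully contacted LDAP server (\S+)"),
    "user_resolved": re.compile(r"query_user gave (\S+)"),
}

# Records copied from the log in the post (a subset, for an offline run).
SAMPLE = """\
[2011/03/25 18:27:21, 3] winbindd/winbindd_cm.c:1597(connection_ok)
connection_ok: Connection to HOLDER for domain SAMARA is not connected
[2011/03/25 18:27:21, 3] libsmb/namequery.c:1328(resolve_hosts)
resolve_hosts: getaddrinfo failed for name HOLDER [hostname nor servname provided, or not known]
[2011/03/25 18:27:29, 3] libads/ldap.c:218(ads_try_connect)
ads_try_connect: CLDAP request 192.168.96.50 failed.
[2011/03/25 18:27:34, 3] libads/ldap.c:621(ads_connect)
Successfully contacted LDAP server 192.168.100.3
[2011/03/25 18:27:49, 3] winbindd/winbindd_ads.c:569(query_user)
ads query_user gave test1
"""

def parse_records(text):
    """Yield (timestamp, level, function, message) for every message line."""
    header = None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            header = match          # remember the header for the lines below it
        elif header and line:
            yield header[1], int(header[2]), header[5], line

def summarize(text):
    """Group trust-related events as {label: [(timestamp, captured values...)]}."""
    found = defaultdict(list)
    for ts, _level, _func, message in parse_records(text):
        for label, pattern in EVENTS.items():
            hit = pattern.search(message)
            if hit:
                found[label].append((ts,) + hit.groups())
    return dict(found)

if __name__ == "__main__":
    for label, hits in summarize(SAMPLE).items():
        print(label, hits)
```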