Hi,
I have a problem with SAMBA Shares FQDN and User from different domain.
SAMBA 4.14.12-1 is running on AIX
Share is working with FQDN and User from same domain MYDOMAIN_A then SAMBA Server.
Share is working with short name myhostname and User from same domain MYDOMAIN_A and different domain MYDOMAIN_B then SAMBA Server.
Share is not working with FQDN MYDOMAIN_A and User from different domain MYDOMAIN_B then SAMBA Server.
I get this error in the SAMBA log.
[2022/04/22 15:27:47.549637, 1] ../../source3/librpc/crypto/gse.c:666(gse_get_server_auth_token)
gss_accept_sec_context failed with [ Miscellaneous failure (see text):
no transit allowed through realm MYDOMAIN_C.INT]
[2022/04/22 15:27:47.549693, 4] ../../source3/smbd/sec_ctx.c:446(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2022/04/22 15:27:47.549768, 1] ../../auth/gensec/spnego.c:1245(gensec_spnego_server_negTokenInit_step)
gensec_spnego_server_negTokenInit_step: gse_krb5: parsing NEG_TOKEN_INIT content failed (next[(NULL)]): NT_STATUS_LOGON_FAILURE
smb.conf[global]
unix charset = ISO-8859-1
workgroup = MY-GROUP
config file = /etc/samba/smb.conf.%m
realm = MYDOMAIN_A.COM
server string = Samba Server
security = ADS
netbios name = myhostname
dedicated keytab file = /etc/krb5/krb5.keytab
kerberos method = dedicated keytab
log level = 4
log file = /var/log/samba/log.%m
max log size = 500
unix extensions = No
load printers = No
idmap config * : backend = tdb
create mask = 0664
directory mask = 0777
hide dot files = No
map archive = No
mangled names = No
interfaces = en0 xx.xx.xx.xx/24
username map = /etc/samba/users.map
best regards, Wolfgang
------------------------------
Wolfgang Tress
AIX, Storage,SAN und Backup Admin
Dürr IT Service GmbH
Schopfloch
+49 7443133121
------------------------------