[Samba] problems trusting a w2003 domain server from samba 3

Gianluca Cecchi gianluca.cecchi at gmail.com
Fri Aug 11 13:14:49 GMT 2006


I have samba 3 PDC (SAMBA domain with hostname "pevpdc") on CentOS 3.7
(package is named samba-3.0.9-1.3E.7) and I have a w2k3 sp1 domain
(W2003 domain with hostname "mailserver").
The latter is in mixed mode and is an Exchange server, and the former is
without winbind, using the smbpasswd backend and "security = user" in
smb.conf.

I would like to authenticate mailserver users through samba mgmt.
So if I understand correctly, I need a one-way trust relationship where
the SAMBA domain is the trusting one, while the W2003 domain is the
trusted one.
From w2003, in AD domains and trusts I create the new one-way-incoming
trust specifying SAMBA as the domain and a password for the trust;
then I select to confirm the incoming trust and so I have to specify
an administrative user/password on SAMBA domain, but I get at the end
of the wizard:

"The verification of the incoming trust failed with the following error(s):
The target system PEVPDC does not support NetLogon trust password verification.
A secure channel reset will be attempted.
The secure channel reset failed with error 1355: The specified domain
either does not exist or could not be contacted."

and also in the same window:

"Before this trust can function it must also be created in the other
domain. Ensure that the same trust password is used in both domains."

I click the Finish button anyway, as I can validate at a later moment.

In samba I run as root

net rpc trustdom establish PEVIANIMAIL
Password: [here I use the trust password supplied on the mailserver wizard]

I get:

Could not connect to server MAILSERVER
[2006/08/11 14:47:58, 0] rpc_client/cli_pipe.c:cli_nt_session_open(1451)
  cli_nt_session_open: cli_nt_create failed on pipe \wkssvc to machine
MAILSERVER.  Error was NT_STATUS_ACCESS_DENIED
[2006/08/11 14:47:58, 0] utils/net_rpc.c:rpc_trustdom_establish(4363)
  Couldn't not initialise wkssvc pipe

What are the bits I'm missing?
Would it be sufficient to use winbind on samba? In that case, is the
implementation of winbind doable without stopping samba services?
What is the message related to the 1355 error in w2003 about the secure channel?
Thanks in advance for your help.
Best regards,
Gianluca

