[Samba] Samba DC to Samba NT4 Domain Trust

Rowland penny rpenny at samba.org
Thu Oct 31 22:30:10 UTC 2019


On 31/10/2019 21:58, Vex Mage wrote:
>
>
>
>     Have you tried 'net rpc trust create'  ?
>
>     See 'net help rpc trust create' for the syntax.
>
>
> When I attempt this I get the following error message
>
> SAMBAPDC ~# net rpc trust create 
> otherserver=sambaad.engineering.college.edu otheruser=administrator 
> trustpw=********** -S localhost
> or
> SAMBAPDC ~# net rpc trust create 
> otherserver=samba4.engineering.college.edu otheruser=administrator 
> otherdomainsid=S-1-5-21-2519800817-276706161-1978691535 
> other_netbios_domain=sambaad 
> otherdomain=sambaad.engineering.college.edu
> Enter root's password:
> dcerpc_lsa_QueryInfoPolicy2_r failed with error 
> [NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE].
> get_domain_info failed with error [NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE].
> connect_and_get_info failed with error 
> [NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE]
>
> I can post the result of that command with -d10 if that would be helpful.
>
>
>     Or on the Samba DC 'samba-tool domain trust create' ?
>
>     see 'samba-tool domain trust create --help' for syntax.
>
>
> When I attempt this I get the following error message
> SAMBAAD ~# samba-tool domain trust create PDC --type external 
> --direction=both --create-location=both --quarantined=no -W SAMBAPDC 
> -Uroot --password=********
> LocalDomain Netbios[SAMBAAD] DNS[sambaad.engineering.college.edu] 
> SID[S-1-5-21-2519800817-276706161-1978691535]
> ERROR: Failed to find a writeable DC for domain 'PDC': The remote 
> system is not reachable by the transport.

I think your problem may be incorrect info.

What is the short hostname of the PDC ?

What is the short hostname of the AD DC ?

What is the workgroup name for the PDC ?

What is the workgroup name for the AD DC ?

I take it the SID is from the AD DC.


>
>
>
>
>     I urge you to, at least, start planning the upgrade away from the
>     NT4-style domain, they are highly likely to go away.
>
>     Just what are you running on the PDC, that you cannot run on a DC ?
>
>
> The real problem for us is that Samba Active Directory doesn't support 
> any backends except internal and our backend is OpenLDAP.
>
That shouldn't be a problem. You can extend the Samba AD similar to 
OpenLDAP or you could use something newer instead. Just what are you 
using OpenLDAP for ?

Rowland




