Samba as domain member, multiple domains

Brian Cunningham bcunnin at horizon.hit.net
Tue May 11 03:58:08 GMT 1999


I have recently installed Samba 2.0.3 on HP-UX 10.20.  Our organization
has one domain for machine accounts at each location and then one domain
for people that spans multiple locations.  I was able to successfully
(at least it looks ok) install Samba as a domain member according to the
instructions in DOMAIN_MEMBER.txt into the machine domain (MACHDOM),
however I can not get it to authenticate users from the user domain.
(USERDOM)  When my smb.conf file has security = domain and workgroup =
MACHDOM and the authentication server set to the PDC of the MACHDOM and
I try to use a share I get this in my log file.  

[1999/05/10 14:45:01, 0] smbd/password.c:(1364) domain_client_validate:
unable to validate passowrd for user bcunnin in domain MACHDOM to Domain
controller MACHPDC. Error was NT_STATUS_NO_SUCH_USER.

Which is exactly right, that user doesn't exist in the MACHDOM
domain, thus leading me to believe that Samba has properly joined
the domain.  However Samba doesn't seem be recognizing that this
is a user from another domain & passing it on to another server,
in spite off the fact that, while the client machine that is trying
to do this is a member of MACHDOM, the user that is logged in and
trying to connect is logged in from USERDOM.  So in smb.conf I
change the authentication server to be the pdc of the USERDOM and
I get the following message in my log file.

[199/05/10 15:20:21, 0] smbd/password.c:(1346) domain_client_validate:
unable to setup the PDC credentials to machine USERPDC. Error was :
NT_STATUS_NO_TRUST_SAM_ACCOUNT.

What am I doing wrong?  Do I have my trust relationships wrong on
the NT side?  I thought they were right, and they are working for
the multitude of NT boxes we have.  After the Samba box has it's
account created with Server Manager do specific trust relationships
need to be set up afterwords, between machines instead of domains?
Is this something that Samba doesn't support right now, and I must
have the samba box join the domain that I need to authenticate
users in (USERDOM)?  Or is there something else I am missing?
Thanks!


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Brian Cunningham                                 bcunnin at hit.net
  don't visit my trashy web page at http://wig.uark.edu/~bcunnin
------------------------------------------------------------------
            Some people have more time than brains.  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



More information about the samba-ntdom mailing list