Configuring Linux Box to Use Domain Level Security

Smith, William E. Bill.Smith at jhuapl.edu
Tue Feb 1 17:56:45 GMT 2000


I am attempting to setup my linux machine to use domain level security but
am having some problems.  I'll start off by first listing what I have done.
The linux machine has been placed in Domain A(A resource domain) and has
joined that domain with no problems after I had created the machine account
for it via Server Manager.  I listed the password servers I wanted to use
which are located within Domain B(Account domain).  Domain A also trusts
domain B.  I then changed the security level to domain and restarted all the
daemons.  When I looked at the logs, I found the following errors listed:
My feeling as is several other linux people I've talked to here is that I
need a machine account created in Domain B at which point my machine will be
able to have authentication requests done via the account domain controllers
in Domain B.  Is this the right line of thinking or is something else wrong
here?  Also, what kind of inherent security risks/holes are opened up when
using an NT domain controller to authenticate requests.  Any help would be
appreciated.
 
Thanks,
 
Bill
 
 
 
[2000/02/01 12:39:35, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
  cli_nt_setup_creds: auth2 challenge failed
[2000/02/01 12:39:35, 0] smbd/password.c:domain_client_validate(1351)
  domain_client_validate: unable to setup the PDC credentials to machine
<domain B domain controller netbios name>. Error was :
NT_STATUS_NO_TRUST_SAM_ACCOUNT.
[2000/02/01 12:39:35, 0] rpc_client/cli_netlogon.c:cli_net_auth2(160)
  cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2000/02/01 12:39:35, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
  cli_nt_setup_creds: auth2 challenge failed
[2000/02/01 12:39:35, 0] smbd/password.c:domain_client_validate(1351)
  domain_client_validate: unable to setup the PDC credentials to machine
<domain B controller netbios name>. . Error was :
NT_STATUS_NO_TRUST_SAM_ACCOUNT.
 
 
Bill Smith

mailto:bill.smith at jhuapl.edu <mailto:bill.smith at jhuapl.edu> 

The Johns Hopkins University                    Washington DC: 240-228-5523

Applied Physics Laboratory                      MD: 443-778-5523

11100 Johns Hopkins Road                        Fax: 240-228-5727

Laurel, MD 20723-6099                           Web: http://www.jhuapl.edu/
<http://www.jhuapl.edu/> 



  


 
 
-------------- next part --------------
HTML attachment scrubbed and removed


More information about the samba-ntdom mailing list