joining resource domain, trust account for master domain need ed (fwd)

DICKENS,CARY (HP-Loveland,ex2) cary_dickens2 at hp.com
Mon Jun 25 17:48:04 GMT 2001 

Mike,

We are having the same issue.  If you determine a work around, please let me
know.  We had this working with the version (cvs from 25MAY2001) prior to
big files (>2Gb) capability being added.  Since then, nothing we have done
has allowed us to have access like we need.

Samba 2.2 is awesome and I know the team is working their butts off.  This
is the only part that is causing me grief and I want to help, unfortunately
I don't understand the communication path in a domain well enough to allow
me to solve this myself.  The call that is failing is line 946 in reply.c.

  if (!guest && !check_server_security(orig_user, domain, user, 
         smb_apasswd, smb_apasslen, smb_ntpasswd, smb_ntpasslen) &&
      !check_domain_security(orig_user, domain, user, smb_apasswd,
         smb_apasslen, smb_ntpasswd, smb_ntpasslen) &&
      !check_hosts_equiv(user))

I think that check_domain_security should be returning true, but it goes
into password.c and ends up with the error message you identified and
returns false.

I don't know what Samba is looking for from the PDC.  I thought that if you
were in the trusted domain, you were welcome.  Any information on this would
be welcome.  

I am going to go back to one of the versions that had multi-mastered domains
working and see if I can identify where the communication paths diverge.  It
may be a shot in the dark, but at least its a shot.  :)

Cary 

-----Original Message-----
From: Michael Gerdts [mailto:Michael.Gerdts at usa.alcatel.com]
Sent: Monday, June 25, 2001 7:42 AM
To: samba-technical at lists.samba.org
Subject: joining resource domain, trust account for master domain needed
(fwd)


I sent this out on Friday.  Since then it occurred to me that the mention
of CVS may have scared people on the samba list away and that this may be a
bug (likely in documentation, possibly in code) that would be nice to have
in 2.2.1.

Please help if you can.
Mike

----- Forwarded message from Michael Gerdts <Michael.Gerdts at usa.alcatel.com>
-----

From: Michael Gerdts <Michael.Gerdts at usa.alcatel.com>
Date: Fri, 22 Jun 2001 10:40:56 -0400
To: samba at lists.samba.org
Subject: joining resource domain,  trust account for master domain needed

I am using SAMBA_2_2 from CVS as of 2001/06/18 13:23.

I have a master domain (MASTER) that takes care of all authentication.  I
have a resource domain (RES) that all file servers belong to.  The PDC in
RES is PDC.  The samba server has the netbios name SAMBA (Names changed to
protect the almost innocent.)

I have followed the instructions for joining an NT domain.  Specifically, I
did the following:

    1) had the NT admin create a machine account that matches my netbios
    name.

    2) smbpasswd -j RES -r PDC
    secrets.tbd exists.  strings(1) suggests that it has the right
    information in it.

    3) edited smb.conf, 
       security = domain
       workgroup = RES
       password server = PDC		(also tried *)

    4) started smbd

More information about the samba-technical mailing list