joining resource domain, trust account for master domain need
ed (fwd)
DICKENS,CARY (HP-Loveland,ex2)
cary_dickens2 at hp.com
Mon Jun 25 17:48:04 GMT 2001
Mike,
We are having the same issue. If you determine a work around, please let me
know. We had this working with the version (cvs from 25MAY2001) prior to
big files (>2Gb) capability being added. Since then, nothing we have done
has allowed us to have access like we need.
Samba 2.2 is awesome and I know the team is working their butts off. This
is the only part that is causing me grief and I want to help, unfortunately
I don't understand the communication path in a domain well enough to allow
me to solve this myself. The call that is failing is line 946 in reply.c.
if (!guest && !check_server_security(orig_user, domain, user,
smb_apasswd, smb_apasslen, smb_ntpasswd, smb_ntpasslen) &&
!check_domain_security(orig_user, domain, user, smb_apasswd,
smb_apasslen, smb_ntpasswd, smb_ntpasslen) &&
!check_hosts_equiv(user))
I think that check_domain_security should be returning true, but it goes
into password.c and ends up with the error message you identified and
returns false.
I don't know what Samba is looking for from the PDC. I thought that if you
were in the trusted domain, you were welcome. Any information on this would
be welcome.
I am going to go back to one of the versions that had multi-mastered domains
working and see if I can identify where the communication paths diverge. It
may be a shot in the dark, but at least its a shot. :)
Cary
-----Original Message-----
From: Michael Gerdts [mailto:Michael.Gerdts at usa.alcatel.com]
Sent: Monday, June 25, 2001 7:42 AM
To: samba-technical at lists.samba.org
Subject: joining resource domain, trust account for master domain needed
(fwd)
I sent this out on Friday. Since then it occurred to me that the mention
of CVS may have scared people on the samba list away and that this may be a
bug (likely in documentation, possibly in code) that would be nice to have
in 2.2.1.
Please help if you can.
Mike
----- Forwarded message from Michael Gerdts <Michael.Gerdts at usa.alcatel.com>
-----
From: Michael Gerdts <Michael.Gerdts at usa.alcatel.com>
Date: Fri, 22 Jun 2001 10:40:56 -0400
To: samba at lists.samba.org
Subject: joining resource domain, trust account for master domain needed
I am using SAMBA_2_2 from CVS as of 2001/06/18 13:23.
I have a master domain (MASTER) that takes care of all authentication. I
have a resource domain (RES) that all file servers belong to. The PDC in
RES is PDC. The samba server has the netbios name SAMBA (Names changed to
protect the almost innocent.)
I have followed the instructions for joining an NT domain. Specifically, I
did the following:
1) had the NT admin create a machine account that matches my netbios
name.
2) smbpasswd -j RES -r PDC
secrets.tbd exists. strings(1) suggests that it has the right
information in it.
3) edited smb.conf,
security = domain
workgroup = RES
password server = PDC (also tried *)
4) started smbd
More information about the samba-technical
mailing list