Trustdom bug in 3.0.20a

C.Lee Taylor leet at leenx.co.za
Fri Oct 14 16:13:51 GMT 2005 

Greetings ...

	I hoping nobody will take offense that I'm post here and not first to 
samba-maillist, the reason I'm doing this, is because I think there is a 
bug in 3.0.20a, regarding trust relationship.

	We have a Win2K3 AD domain, which is used to access files on a 
Samba-LDAP domain, using 3.0.14a. We are able to access files on the 
Samba server using the original rpm samba package 3.0.14a-2 via the 
trust.  I say this because, when been logged into the AD domain, via a 
Citrix session, we are able to access all the files on the Samba server.

	We installed an extra server to do test on and create an rpm package of 
Samba 3.0.20a, and this server will not accept connections from the 
Citrix system anymore.  While testing something else, I upgraded the 
samba on the original server from 3.0.14a to 30.20a and lost all 
connections from the Citrix server.  Spend some time trying to fix the 
trust, and almost lost hope and downgrade back to 3.0.14a, without any 
work the trust start working again.

	Errors in the log ...

Oct 14 17:49:46 sza1 smbd[4134]: [2005/10/14 17:49:46, 0] 
auth/auth_domain.c:domain_client_validate(170)
Oct 14 17:49:46 sza1 smbd[4134]:   domain_client_validate: Domain 
password server not available.
Oct 14 17:49:46 sza1 smbd[4134]: [2005/10/14 17:49:46, 0] 
auth/auth_domain.c:connect_to_domain_password_server(118)
Oct 14 17:49:46 sza1 smbd[4134]:   connect_to_domain_password_server: 
unable to setup the NETLOGON credentials to machine NASZADC01. Error was 
: NT_STATUS_UNSUCCESSFUL.
Oct 14 17:49:46 sza1 smbd[4134]: [2005/10/14 17:49:46, 0] 
auth/auth_domain.c:connect_to_domain_password_server(118)
Oct 14 17:49:46 sza1 smbd[4134]:   connect_to_domain_password_server: 
unable to setup the NETLOGON credentials to machine NASZADC01. Error was 
: NT_STATUS_UNSUCCESSFUL.
Oct 14 17:49:46 sza1 smbd[4134]: [2005/10/14 17:49:46, 0] 
auth/auth_domain.c:connect_to_domain_password_server(118)
Oct 14 17:49:46 sza1 smbd[4134]:   connect_to_domain_password_server: 
unable to setup the NETLOGON credentials to machine NASZADC01. Error was 
: NT_STATUS_UNSUCCESSFUL.
Oct 14 17:49:46 sza1 smbd[4134]: [2005/10/14 17:49:46, 0] 
auth/auth_domain.c:domain_client_validate(170)
Oct 14 17:49:46 sza1 smbd[4134]:   domain_client_validate: Domain 
password server not available.
Oct 14 17:50:01 sza1 crond(pam_unix)[4140]: session opened for user root 
by (uid=0)

	What more info can I give you to look into this problem?
	
	Currently downloading 3.0.20b to see if it has the same problem?

	A side question, will a trust setup between AD and Samba work on 
multiple Samba servers? Is the trust kept in LDAP for this?

Mailed
Lee

More information about the samba-technical mailing list