Trustdom bug in 3.0.20a

C.Lee Taylor leet at leenx.co.za
Mon Oct 24 16:06:51 GMT 2005


> |     I'm hoping nobody will take offense that I'm posting here and not first
> | to samba-maillist; the reason I'm doing this is because I think there
> | is a bug in 3.0.20a regarding trust relationships.
> Any chance you could check 3.0.20?  This may be related to
> bug #3201.
	Okay, I set up my test system with the standard stuff that comes with 
FC4-64, which is samba-3.0.14a.

	I copy across my working /etc/samba folder from my running system, on 
which the trust is working.

	I try to connect from a user in the AD system to my test system and it 
asks for username and password, which means the trust is not working.

	So I do a ...

[root@sza1 ~]# net rpc trustdom list
Password:
Trusted domains list:

XXXXXX-ZA           S-1-5-21-2262039010-3678390577-1278297590

Trusting domains list:

none

	I think then maybe I should do ...

[root@sza1 ~]# net rpc trustdom add XXXXXX-ZA trust
Password:

[root@sza1 ~]# net rpc trustdom establish XXXXXX-ZA
Password:
Could not connect to server XXXZADC01
The username or password was not correct.
[2005/10/24 17:55:34, 0] utils/net_rpc.c:rpc_trustdom_establish(4642)
   Couldn't verify trusting domain account. Error was NT_STATUS_LOGON_FAILURE

	Seems I put in the wrong password ... The question for password should 
ask for which password, not just password ... Got this wrong a few times ...

	So, I try again ...

[root@sza1 ~]# net rpc trustdom establish XXXXXX-ZA
Password:
Could not connect to server XXXZADC01
Trust to domain XXXXXX-ZA established
   Couldn't connect to domain controller
[root@sza1 ~]# net rpc trustdom list
Password:
Trusted domains list:

XXXXXX-ZA           S-1-5-21-2262039010-3678390577-1278297590

Trusting domains list:

none

	I test the same on my working server and it reports the same thing.

	How is it that my older server seems to be accessing trust-accounts, but 
not my new system?  I have not even updated to a newer Samba, so I'm 
wondering how I can get this working.

	I'm not using winbind on any of my servers because I'm using LDAP to 
replicate user stuff to other sites, which I would not be able to do 
nicely with winbind.

Thanks
Mailed
Lee

