[Samba] LDAP Domain Trust

Simon Chambers simon.chambers at isoftuk.co.uk
Thu Aug 8 18:42:02 GMT 2002


Have you created a machine account for the computer?

If not, this is your problem.

You do it by creating a blank user with the name WSName$ in /etc/passwd and
then creating a SMB entry using

smbpasswd -a -m WSName

This will create the trust account.

If you have any problems check the samba-pdc-howto
http://www.mirror.ac.uk/sites/ftp.samba.org/docs/htmldocs/samba-pdc-howto.html

Regards,

Simon

----- Original Message -----
From: "Arthur H. Johnson II" <arthur at linuxbox.nu>
To: <samba at lists.samba.org>
Cc: "Matt Benjamin" <matt at linuxbox.nu>; <elizabeth at linuxbox.nu>
Sent: Thursday, August 08, 2002 9:27 PM
Subject: [Samba] LDAP Domain Trust


>
> I have a small problem.  I'm an LDAP newbie, and am having trouble getting
> Samba to authenticate.  What I have is an LDAP tree, with the samba.schema
> loaded in our LDAP configuration.  I already tested smb.conf without
> ldap-sam compiled in, and it authenticates just fine to smbpasswd and
> locally added machine trust accounts.
>
> Submitted for your assistance:
>
> Prelim:
>
> 1. WSName = workstation name
> 2. TESTDOM = domain name
> 3. myuser = User in LDAP database
>    a. authenticated via smbpasswd
> 4. Joined domain as configured with LDAP with smbpasswd
>
>
> On Server:
>
> 1. User accounts added
> 2. run:  smbldap-useradd.pl -w WSName
>    a. Not sure where the perl script came from
>    b. LDAP was set up for me by my boss
> 3. Added "root" user to LDAP
>
>
> On XP: First Run
>
> 1. Edit registry to zero out requiresignorseal
> 2. Reboot
> 3. right click on My Computer, go to properties
> 4. Go to Computer Name, click on Change
> 5. Make sure name is:  WSName
> 6. Click on Domain, add "TESTDOM" to domain field
> 7. Asks for user allowed access, enter "root" user and pass
> 8. After long wait, it says "Welcome to domain...." blah blah
> 9. Reboot, try to authenticate as "myuser"
>    a. Says something about not being able to find the domain
> 10. Log in as administrator local, says that I am joined to the
>     domain.
>
> On XP, second run:
>
> 1. right click on My Computer, go to properties
> 2. go to computer name, go to Network ID
> 3. Follow directions in Wizard
> 4. When I get to the final window, where it asks to
>    add a user, it tells me that it can't establish a
>    "Trust Account" with the server.  WTF?
>
> Like I said, when I manually add all the info in Samba's smbpasswd with
> Samba compiled without LDAP, everything goes smooth.  I can auth as
> different users, etc.
>
> Any help out there?  We are a commercial company and would be willing to
> pay someone.  I have a feeling this has something to do with Samba and
> LDAP not playing well together.  My LDAP samba.schema is located here:
>
> http://arthur.linuxbox.nu/samba.schema
>
> --
>
> Arthur H. Johnson II
> Senior Systems Engineer
>
> The Linux Box
> 206 S. Fifth Ave. Suite 150
> Ann Arbor, MI  48104
>
> tel.  734-761-4689
> fax.  734-769-8938
> pgr.  734-882-0323
>
>
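
A check for the two entries the reply above describes (the `WSName$` Unix account and the Samba trust entry), as an added example that is not part of the original thread. It assumes the flat-file smbpasswd backend rather than ldapsam; the function name `check_machine_account` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a workstation has both halves of its trust account.
# Assumption: flat-file smbpasswd backend; the caller supplies both file paths.

# check_machine_account NAME PASSWD_FILE SMBPASSWD_FILE
# Returns 0 if both entries exist, 1 if the Unix account is missing,
# 2 if the Samba entry is missing or lacks the W (workstation trust) flag.
check_machine_account() {
    acct="$1\$"    # machine account = workstation name plus a trailing "$"
    # Unix side: field 1 of the passwd file, compared case-insensitively
    if ! awk -F: -v a="$acct" 'tolower($1) == tolower(a) { f = 1 }
                               END { exit !f }' "$2"; then
        echo "missing Unix account $acct in $2"
        return 1
    fi
    # Samba side: same name, and field 5 (account flags) must contain W
    if ! awk -F: -v a="$acct" 'tolower($1) == tolower(a) && index($5, "W") { f = 1 }
                               END { exit !f }' "$3"; then
        echo "missing workstation trust entry for $acct in $3"
        return 2
    fi
    echo "trust account $acct present"
    return 0
}

# Constructed sample data (not from a real system); hashes are placeholders.
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
wsname$:x:1001:1001:Machine account:/dev/null:/bin/false
otherws$:x:1002:1002:Machine account:/dev/null:/bin/false
EOF
cat > "$demo_dir/smbpasswd" <<'EOF'
wsname$:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[W          ]:LCT-00000000:
EOF

# WSName has both entries; OtherWS has only the Unix half.
check_machine_account WSName "$demo_dir/passwd" "$demo_dir/smbpasswd"
check_machine_account OtherWS "$demo_dir/passwd" "$demo_dir/smbpasswd" \
    || echo "-> still needs: smbpasswd -a -m OtherWS"
```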



