[Samba] Method to verify existence of trust account?

Michael Sloan michael at theprintinghouse.com
Mon Jun 17 08:19:02 GMT 2002


I'm still fighting with getting a Samba server (RH Linux 7.2, kernel
2.4.9-21, samba 2.2.4) to join an NT domain (NT 4.0, SP6). Everything I've
read in the documentation indicates that this works well and readily, but I
cannot get it to work.

The error message received when attempting to join a domain is:

./smbpasswd -j TESTDOMAIN -r SMBTEST
cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
cli_nt_setup_creds: auth2 challenge failed
modify_trust_password: unable to setup the PDC credentials to machine SMBTEST.
Error was: NT_STATUS_NO_TRUST_SAM_ACCOUNT.
2002/06/17 10:54:21 : change_trust_account_password: Failed to change password for domain TESTDOMAIN.
Unable to join domain TESTDOMAIN.

This creates a /etc/samba/secrets.tdb file, but 'wbinfo -t' reports: 'Secret
is bad'. The samba server has been added to the NT server using Server
Manager. The PDC is the only server in this domain, and was set up
exclusively for getting the quirks worked out with attempting to add the
server to our production NT domain.

I have the following in the [Global] section of my smb.conf file:

  workgroup = testdomain
  encrypt passwords = yes
  security = server
  password server = smbtest
  obey pam restrictions = yes

The NT server has, in its logs, that no trust account exists for the system,
despite appearing in Server Manager, with the 'show only domain members'
option checked. Can someone suggest some troubleshooting methodology for
this problem? Is there a way to peruse the list of trust accounts other than
using Server Manager? Are there other issues that can cause this same error
message? I'm planning to use winbind, when and if I can get this system to
join the domain, and so I've already altered the PAM files according to the
HOWTO documents.

It doesn't appear to be a network communication issue - ping and nmblookup
both return positive results. The DNS names for both the samba server and
the PDC are the same as their NetBIOS names.

Any help or suggestions for troubleshooting this problem would be
appreciated.

Michael Sloan
Network Administrator
The Printing House, Ltd.
email: michael at theprintinghouse.com
voice: (850) 875-1500x155
fax: (850) 875-4080




