[Samba] Method to verify existance of trust account?

Neil Muller neil at neologix.net
Mon Jun 17 17:41:02 GMT 2002

Have you tried creating the trust account manually and have you made sure that
root is a samba user? It seems that the only user who can add machines to a
Samba based domain is root. There are also a couple of settings for smb.conf
that you should check ... just get the combined samba howtos from samba.org for
a complete description of what to do (minus the "root must be a samba user" bit
:-) ). I'm having no problems with using samba as a pdc on either rh7.2 or
rh7.3. I'm using samba 2.2.4-2.


Quoting Michael Sloan <michael at theprintinghouse.com>:

> I'm still fighting with getting a Samba server (RH Linux 7.2, kernel
> 2.4.9-21, samba 2.2.4) to join an NT domain (NT 4.0, SP6). Everything
> I've
> read in the documentation indicates that this works well and readily,
> but I
> cannot get it to work.
> The error message received when attempting to join a domain is:
> ./smbpasswd -j TESTDOMAIN -r SMBTEST
> cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
> cli_nt_setup_creds: auth2 challenge failed
> modify_trust_password: unable to setup the PDC credentials to machine
> 2002/06/17 10:54:21 : change_trust_account_password: Failed to change
> password
> for domain TESTDOMAIN.
> Unable to join domain TESTDOMAIN.
> This creates a /etc/samba/secrets.tdb file, but 'wbinfo -t' reports:
> 'Secret
> is bad'. The samba server has been added to the NT server using Server
> Manager. The PDC is the only server in this domain, and was set up
> exclusively for getting the quirks worked out with attempting to add
> the
> server to our production NT domain.
> I have the following in the [Global] section of my smb.conf file:
>   workgroup = testdomain
>   encrypt passwords = yes
>   security = server
>   password server = smbtest
>   obey pam restrictions = yes
> The NT server has, in its logs, that no trust account exists for the
> system,
> despite appearing in Server Manager, with the 'show only domain
> members'
> option checked. Can someone suggest some troubleshooting methodology
> for
> this problem? Is there a way to peruse the list of trust accounts other
> than
> using Server Manager? Are there other issues that can cause this same
> error
> message? I'm planning to use winbind, when and if I can get this system
> to
> join the domain, and so I've already altered the PAM files according to
> the
> HOWTO documents.
> It doesn't appear to be a network communication issue - ping and
> nmblookup
> both return positive results. The DNS names for both the samba server
> and
> the PDC are the same as their NetBIOS names.
> Any help or suggestions for troubleshooting this problem would be
> appreciated.
> Michael Sloan
> Network Administrator
> The Printing House, Ltd.
> email: michael at theprintinghouse.com
> voice: (850) 875-1500x155
> fax: (850) 875-4080
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list