[Samba] Method to verify existance of trust account?
Neil Muller
neil at neologix.net
Mon Jun 17 17:41:02 GMT 2002
Have you tried creating the trust account manually and have you made sure that
root is a samba user? It seems that the only user who can add machines to a
Samba based domain is root. There are also a couple of settings for smb.conf
that you should check ... just get the combined samba howtos from samba.org for
a complete description of what to do (minus the "root must be a samba user" bit
:-) ). I'm having no problems with using samba as a pdc on either rh7.2 or
rh7.3. I'm using samba 2.2.4-2.
Neil
Quoting Michael Sloan <michael at theprintinghouse.com>:
> I'm still fighting with getting a Samba server (RH Linux 7.2, kernel
> 2.4.9-21, samba 2.2.4) to join an NT domain (NT 4.0, SP6). Everything
> I've
> read in the documentation indicates that this works well and readily,
> but I
> cannot get it to work.
>
> The error message received when attempting to join a domain is:
>
> ./smbpasswd -j TESTDOMAIN -r SMBTEST
> cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
> cli_nt_setup_creds: auth2 challenge failed
> modify_trust_password: unable to setup the PDC credentials to machine
> SMBTEST.
> Error was: NT_STATUS_NO_TRUST_SAM_ACCOUNT.
> 2002/06/17 10:54:21 : change_trust_account_password: Failed to change
> password
> for domain TESTDOMAIN.
> Unable to join domain TESTDOMAIN.
>
> This creates a /etc/samba/secrets.tdb file, but 'wbinfo -t' reports:
> 'Secret
> is bad'. The samba server has been added to the NT server using Server
> Manager. The PDC is the only server in this domain, and was set up
> exclusively for getting the quirks worked out with attempting to add
> the
> server to our production NT domain.
>
> I have the following in the [Global] section of my smb.conf file:
>
> workgroup = testdomain
> encrypt passwords = yes
> security = server
> password server = smbtest
> obey pam restrictions = yes
>
> The NT server has, in its logs, that no trust account exists for the
> system,
> despite appearing in Server Manager, with the 'show only domain
> members'
> option checked. Can someone suggest some troubleshooting methodology
> for
> this problem? Is there a way to peruse the list of trust accounts other
> than
> using Server Manager? Are there other issues that can cause this same
> error
> message? I'm planning to use winbind, when and if I can get this system
> to
> join the domain, and so I've already altered the PAM files according to
> the
> HOWTO documents.
>
> It doesn't appear to be a network communication issue - ping and
> nmblookup
> both return positive results. The DNS names for both the samba server
> and
> the PDC are the same as their NetBIOS names.
>
> Any help or suggestions for troubleshooting this problem would be
> appreciated.
>
> Michael Sloan
> Network Administrator
> The Printing House, Ltd.
> email: michael at theprintinghouse.com
> voice: (850) 875-1500x155
> fax: (850) 875-4080
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list