[Samba] cancelling interdomain trusts

Craig White craigwhite at azapple.com
Mon Dec 22 06:40:12 GMT 2003


Mother always told me that there'd be days like this. She just didn't
tell me that they go on for weeks.

OK - John's book suggests that we're not complete in this arena
here... Yeah, I bought the Samba 3 How-to-guide - Borders/Phoenix had 3
on the shelf (now 2) - and also an LDAP book for reference. It's been a
fun weekend ;-)

problemo...

# smbpasswd -x -i MULLEN
ldapsam_delete_entry: Could not delete attributes for
uid=mullen$,ou=People,o=Mullen,c=US, error: Object class violation
(object class 'person' requires attribute 'cn')
Failed to delete entry for user MULLEN$.
Failed to modify password entry for user MULLEN$

[must check - yes, cn=MULLEN$ is there, but the $ is probably kinking
the hose...dunno - it found it in simple search further down email]

# net rpc trustdom list
Password:
The username or password was not correct.
[2003/12/21 23:08:46, 0] utils/net_rpc.c:rpc_trustdom_list(2028)
  Couldn't connect to domain controller

[too tired to figure this last one out]

# ldapsearch -x -h localhost -b 'o=Mullen,c=US' '(uid=MULLEN$)'
version: 2

#
# filter: (uid=MULLEN$)
# requesting: ALL
#

# mullen$, People, Mullen, US
dn: uid=mullen$,ou=People,o=Mullen,c=US
uid: mullen$
cn: mullen$
sn: mullen$
mail: mullen$@mullenpr.com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: kerberosSecurityObject
objectClass: sambaSamAccount
krbName: mullen$@MULLENPR.COM
loginShell: /bin/false
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/mullen
sambaSID: S-1-5-21-3186189368-1246494298-1334198317-3002
sambaPrimaryGroupSID: S-1-5-21-3186189368-1246494298-1334198317-3003
sambaPwdCanChange: 1072073389
sambaPwdMustChange: 2147483647
sambaLMPassword: the-names-have-been-changed
sambaNTPassword: to-protect-the-innocent
sambaPwdLastSet: 1072073389
sambaAcctFlags: [I          ]

Yes, there's an entry in /etc/passwd for MULLEN$ (had to hand-edit after
adding the user mullen).

Interdomain trust was working earlier today - but I ended up purging the
LDAP one last time because I had to get rid of SIDs from the original
domain captured by net rpc vampire and create a new SID for the second
domain.

Wanted to just delete the trust from LINUX-DOMAIN to WINDOWS-DOMAIN to
start over. Trust from WINDOWS-DOMAIN to LINUX-DOMAIN seems OK.

Learning Samba 3 (so much has changed from 2.2x) simultaneously with
LDAP has been a numbing experience. Methinks that there is config stuff
for smb3 that isn't in the LDAP db - possibly in secrets.tdb - sort of
Samba's equiv to the Windows registry. Don't mind passwords, but where
do they hide the things like group mapping and domain trusts? I probably
should have 'nuked' the secrets.tdb but I'm tired, chicken and perhaps
someone will shine light in the dark corners.

Craig


