[Samba] NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE

Carlos Sobrinho epilog at netvisao.pt
Tue Feb 11 06:49:24 GMT 2003


Sorry for reposting this message but my first post was posted as a reply 
wrongly...
--------------
 Hi, I've been trying to solve a problem for about 3 weeks now and can't...
I have debian here with samba (Version 2.999+3.0.alpha21-3 for Debian) acting 
as the PDC of domain CASA. I have two Windows XP Professional here in my home 
and since I was having problems with the local browser and browse lists of 
shares I installed samba as a PDC instead of just a Local Master.
My pc is        Epilog (192.168.0.1) (Master)
First XP        Cajo   (192.168.0.2)
Second XP       Rui    (192.168.0.3)

######## here's my smb.conf ########################################
# Global parameters
# Server-wide defaults for workgroup CASA with domain logons enabled; the
# share sections further down inherit whatever they do not override.
[global]
# Do something sensible when Samba crashes: mail the admin a backtrace
        panic action = /usr/share/samba/panic-action %d
        ; Basic server settings
        workgroup = CASA
        netbios name = EPILOG
        server string = %h.ath.cx
        ; NOTE(review): the second entry ends in a dot and is not a complete
        ; address, address/mask or interface name - confirm what was intended.
        ; "bind interfaces only" is not set, so "hosts allow" below is what
        ; actually limits which clients may connect.
        interfaces = 127.0.0.1 192.168.0.
        hosts allow = 127.0.0.1 192.168.0.1 192.168.0.2 192.168.0.3

        ; we should act as the domain and local master browser
        ; user-level security: clients log in against the account databases
        ; named by "passdb backend"
        security = user
        ; NOTE(review): migration aid for moving from plaintext to encrypted
        ; passwords; presumably not needed once every account has a hash -
        ; confirm
        update encrypted = Yes
        passdb backend = tdbsam, unixsam
        pam password change = Yes
        passwd program = /usr/bin/passwd
        ; NOTE(review): these two make smbd try mixed-case variants of the
        ; password/username; smb.conf(5) warns that this reduces security and
        ; slows connection setup - confirm they are needed
        password level = 8
        username level = 8
        unix password sync = Yes
        ; NOTE(review): presumably ignored with "security = user" - confirm
        password server = *
        ; Creates a Unix account in group "machines" with no home directory
        ; and no login shell; %m is the machine name supplied by the client.
        ; The value appears to have been wrapped by the mail client: in the
        ; real file it must be one line (or use a trailing backslash).
        add user script = /usr/sbin/useradd -g machines -d /dev/null -s 
/bin/false -c Machine %m$
        
        ; logging
        log file = /var/log/samba/%m.log
        ; NOTE(review): debugging verbosity (auth at 10). Logs written at this
        ; level may contain authentication detail, so keep /var/log/samba
        ; readable by root only and lower the level once troubleshooting ends.
        log level = 5 passdb:5 auth:10 winbind:2
        #max log size = 100
        timestamp logs = No
        ; value wrapped by the mail client, same as "add user script" above
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 
SO_KEEPALIVE IPTOS_LOWDELAY

        ; domain options
        os level = 250
        preferred master = True
        localmaster = Yes
        domainmaster = Yes
        domain logons = yes
        wins support = yes

        ; do not show files starting with dots
        hide dot files = yes

        ; default for every share; [printers], [print$] and [netlogon]
        ; override it with "guest ok = yes"
        guest ok = no
        ; NOTE(review): "deamon" looks like a misspelling of "daemon"; as
        ; written the daemon account is not covered by this list
        invalid users = bin deamon sys man postfix mail ftp
        ; NOTE(review): set in [global], so it is the default for every share:
        ; listed users act as root on the share regardless of file
        ; permissions. "admin users" is assigned a second time further down
        ; (root); keep one definition, preferably per share instead of global.
        admin users = @root

        dns proxy = No
        ; Run through the shell for each incoming WinPopup message; %f and %m
        ; are filled in from the sender and %s is the message file.
        ; NOTE(review): smb.conf(5) says this command must return immediately
        ; (normally a trailing "&") - confirm. "hosts allow" above is what
        ; limits who can trigger it.
        message command = /usr/bin/linpopup "%f" "%m" %s; rm %s
        ; NOTE(review): second "admin users" line in this section (@root is
        ; set above); presumably the later one wins - confirm
        admin users = root
        lock directory = /var/lock/samba

        #####
        show add printer wizard = yes
        time server = Yes
        unix extensions = Yes
        utmp = yes
        #character set = ISO8859-15
        #####

        load printers = yes
        printing = cups
        printcap name = cups

        ; where to store user profiles?
        ; NOTE(review): this points at a share called "profiles", but the
        ; share defined in this file is [profile] - one of the two names
        ; needs changing
        logon path = \\%N\profiles\%u

        ; where is a user's home directory and where should it
        ; be mounted at?
        ; NOTE(review): \\%N\%u needs a per-user share (usually [homes]); none
        ; is defined in this file as posted
        logon drive = H:
        logon home = \\%N\%u

        ; specify a generic logon script for all users
        ; this is a relative **DOS** path to the [netlogon] share
        logon script = logon.cmd

        ; If this is enabled, you can see active connections using the
        ; "smbstatus" command.
        #status = yes

        ; This is a form of caching that, when enabled, may improve
        ; performance when reading files.
        #read prediction = true

        ; A list of services that should be added automatically to the
        ; browse-list.
        auto services = cdrom

; NOTE(review): exports the whole filesystem (path = /) read-write. Only root
; may connect, and [global] also lists root in "admin users", so everything
; on this host is protected solely by root's SMB password. Consider removing
; the share or narrowing the path.
[Admin]
        comment = Drive C
        path = /
        valid users = root
        read only = No

; No "valid users" or "read only" here, so the [global] defaults apply
; (guest ok = no; Samba's built-in default for "read only" is yes): any
; account that can log in may read this share.
[MP3]
        comment = Share dos MP3's
        path = /mp3

; Inherits the [global] defaults: authenticated users only, read-only.
; NOTE(review): presumably a mounted Windows 98 partition - confirm that
; every domain account is meant to be able to read it.
[Win98]
        comment = Windows98
        path = /mnt/win98

; Exports a directory inside duckman's home to every account that can log in
; (no "valid users"); read-only by Samba's default.
[Videos]
        comment = Videos do Sobry
        path = /home/duckman/Videos

; Listed in "auto services" in [global], so it is always added to the browse
; list. Inherits the [global] defaults: authenticated users, read-only.
[CDROM]
        comment = CDROM
        path = /mnt/cdrom

; Writable and without "valid users": any account that can log in may write
; to the disk mounted at /mnt/zip.
[ZIP]
        comment = Iomega ZIP 100 Megas
        path = /mnt/zip
        read only = No

; Print spool share. "public" is a synonym for "guest ok"; both override the
; "guest ok = no" default from [global].
; NOTE(review): whether guests can really connect also depends on
; "map to guest", which is not set in this file - confirm the intent.
[printers]
        comment = All Printers
        path = /var/spool/samba
        create mask = 0600
        browseable = yes
        public = yes
        guest ok = yes
        writable = no
        printable = yes
        printer admin = root

; Printer driver share: read-only with guest access allowed, only root may
; write. Clients download and install drivers from here, so write access
; should stay this narrow.
[print$]
        comment = Printer Drivers
        path = /etc/samba/drivers
        browseable = yes
        guest ok = yes
        read only = yes
        write list = root

; necessary share for domain controller
; Holds the logon script named by "logon script" in [global]. Clients run
; what they find here at logon, so the share is kept non-writable; the
; stricter settings the author tried are left commented out below.
[netlogon]
        path = /var/lib/samba/netlogon
        #public = no
        writeable = no
        #browsable = no
        #valid users = root @smbusers
        #read only = yes
        #write list = root
        ; overrides "guest ok = no" from [global]
        guest ok = yes
        ; NOTE(review): smb.conf(5) advises never to turn "share modes" off
        ; because Windows applications rely on it - confirm why it is disabled
        share modes = no

; share for storing user profiles
; NOTE(review): "logon path" in [global] refers to \\%N\profiles\%u, but this
; share is named "profile" - the names have to match for roaming profiles to
; be found.
[profile]
        path = /var/lib/samba/ntprofile
        writeable = yes
        ; new files and directories are created accessible to their owner only
        create mask = 0700
        directory mask = 0700
        browsable = no
        ; only root and members of the Unix group smbusers may connect
        valid users = root @smbusers
        profile acls = yes

######## end of my smb.conf ########################################
## I added machines accounts and user accounts:
$[root] /home/duckman/# pdbedit -l
Trying to load: tdbsam
Attempting to find an passdb backend to match tdbsam (tdbsam)
Found pdb backend tdbsam (at pos 2)
pdb backend tdbsam has a valid init
Trying to load: unixsam
Attempting to find an passdb backend to match unixsam (unixsam)
Found pdb backend unixsam (at pos 6)
pdb backend unixsam has a valid init
rui$:1003:Machines
cajo$:1009:Machines
cajo:1010:Carlos Rodrigues
epilog$:1005:Machines
duckman:1000:Carlos Sobrinho
rui:1002:Rui Rios
epilogwin$:1006:Machines
pdb_getsampwent: database entry not found.

## I added those 2 XP's to my domain and all went well
Added to domain CASA in XP

## I added option netbios-name-servers 192.168.0.1 in my /etc/dhcp3/dhcpd.conf

## I added my machine to the domain using
[root] /home/duckman/# net rpc join -w CASA -U root
Joined domain CASA.

## Both users can see my shares and each other's shares using their 
logins (cajo and rui), but here's my problem, if you're still with me after 
all these lines...
I can't see their shares. For example:

[root] /home/duckman/# nmblookup -M - -S
querying __MSBROWSE__ on 127.255.255.255
192.168.0.1 __MSBROWSE__<01>
Looking up status of 192.168.0.1
        EPILOG          <00> -         H <ACTIVE>
        EPILOG          <03> -         H <ACTIVE>
        EPILOG          <20> -         H <ACTIVE>
        ..__MSBROWSE__. <01> - <GROUP> H <ACTIVE>
        CASA            <00> - <GROUP> H <ACTIVE>
        CASA            <1b> -         H <ACTIVE>
        CASA            <1c> - <GROUP> H <ACTIVE>
        CASA            <1d> -         H <ACTIVE>
        CASA            <1e> - <GROUP> H <ACTIVE>

[root] /home/duckman/# nmblookup -M CASA
querying CASA on 127.255.255.255
192.168.0.1 CASA<1d>

[root] /home/duckman/# smbclient -L epilog -W casa -U duckman
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
added interface ip=192.168.0.1 bcast=192.168.0.255 nmask=255.255.255.0
Got a positive name query response from 127.0.0.1 ( 192.168.0.1 )
Password:
Doing spnego session setup (blob length=58)
OS=[Unix] Server=[Samba]

        Sharename      Type      Comment
        ---------      ----      -------
        Admin          Disk      Drive C
        MP3            Disk      Share dos MP3's
        Win98          Disk      Windows98
        Videos         Disk      Videos do Sobry
        CDROM          Disk      CDROM
        ZIP            Disk      Iomega ZIP 100 Megas
        print$         Disk      Printer Drivers
        netlogon       Disk
        IPC$           IPC       IPC Service (Epilog.ath.cx)
        ADMIN$         IPC       IPC Service (Epilog.ath.cx)
        HP710C         Printer   HP DeskJet 710C

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------
        CASA                 EPILOG

## But if I do it for xp Cajo I get this:

[root] /home/duckman/# smbclient -L cajo -W casa -U cajo
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
added interface ip=192.168.0.1 bcast=192.168.0.255 nmask=255.255.255.0
Got a positive name query response from 127.0.0.1 ( 192.168.0.2 )
Password:
Doing spnego session setup (blob length=98)
session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE

## I have searched google, google groups, samba ml and nothing. I even tried 
samba cvs and samba-tng and nothing. Always the same error...

## If I remove machine "Rui" (192.168.0.3) from the domain and add it just 
to the workgroup, I can see his shares, so the problem should be just the 
domain

## I tried setting RestrictAnonymous to 0 in the windows XP
## I tried 100.000 things and nothing. Always the same thing so

## here's my ls of /var/lib/samba

[root] /var/lib/samba/# ls -la
total 80K
drwxr-xr-x    4 root     root     4,0K 2003-02-03 22:38 ./
drwxr-xr-x   36 root     root     4,0K 2003-02-03 00:44 ../
-rw-------    1 root     root     8,0K 2003-02-03 22:39 account_policy.tdb
-rw-------    1 root     root     8,0K 2003-02-03 22:31 group_mapping.tdb
drwxr-xr-x    2 root     root        6 2003-01-31 22:37 netlogon/
-rw-r--r--    1 root     root      696 2003-02-03 22:39 netlogon_unigrp.tdb
-rw-------    1 root     root     8,0K 2003-02-03 21:57 ntdrivers.tdb
-rw-------    1 root     root      696 2003-02-03 21:57 ntforms.tdb
-rw-------    1 root     root     8,0K 2003-02-03 21:57 ntprinters.tdb
drwxr-xr-x    2 root     root        6 2003-01-31 22:37 ntprofile/
-rw-------    1 root     root     8,0K 2003-02-03 22:39 registry.tdb
-rw-------    1 root     root     8,0K 2003-02-03 22:14 secrets.tdb
-rw-------    1 root     root     8,0K 2003-02-03 22:39 share_info.tdb
-rw-r--r--    1 root     root     8,0K 2003-02-03 22:38 wins.tdb

[root] /var/lib/samba/# ls -la netlogon
total 4,0K
drwxr-xr-x    2 root     root            6 2003-01-31 22:37 ./
drwxr-xr-x    4 root     root         4,0K 2003-02-03 22:38 ../

[root] /var/lib/samba/# ls -la ntprofile/
total 4,0K
drwxr-xr-x    2 root     root            6 2003-01-31 22:37 ./
drwxr-xr-x    4 root     root         4,0K 2003-02-03 22:38 ../

## BTW what should I have here and are the permissions right?

How can I solve MY problem ???
Thanks in advance for your time reading this long mail 

With best regards
Carlos Sobrinho

PS: If you need, I can send the logs with a higher debuglevel, but I have 
searched the logs for info, even at level 10, and didn't find anything 
relevant. Only failed credentials right before the 
NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE
-- 
############################################################
# Abandon the search for Truth; settle for a good fantasy. #
############################################################


