[Samba] integrating multiple NT4 domains with Samba

thephly thephly at earthlink.net
Sun Mar 16 14:18:24 GMT 2003

On 2.2.8 "workgroup = " is ignored in include files

        include = /usr/local/samba/lib/smb.conf.global.%m

        netbios name = SAMBA
        workgroup = SOMEWHERE
        security = domain
        password server = somewhere-nt4-pdc

machinename connects with this result:

[2003/03/16 06:09:41, 0] smbd/password.c:(1558)
  domain_client_validate: could not fetch trust account password
for domain WORKGROUP


New value for "workgroup =" should have been "SOMEWHERE" . "workgroup =" can
no longer (since 2.0) by overridden by include files. It is can be set only
once in the main config file.

This prevents integration of multiple NT4 domains by single samba server.

----- Original Message -----
From: "thephly" <thephly at earthlink.net>
To: <samba at lists.samba.org>
Sent: Saturday, March 15, 2003 2:03 AM
Subject: [Samba] integrating multiple NT4 domains with Samba

On version 2.0 using "security = domain" and "include = globals.%m" I could
specify what PDC to use depending on client name. This was a neat
arrangement to integrate legacy NT4 domains - I asked the remote admins to
add the samba server to their domain, and ran "smbpasswd -j <various> -r
<various pdc's>" to end up with multiple machine.sid's in private. All was
wonderful, and then I upgraded . . .

Now 2.2.7a with single secrets.tdb, samba is again added to the various
domains, and can authenticate to any of them individually (their workgroup
in smb.conf), but a %m globals match always produces an auth2 error. I think
samba's pulling the wrong SID out of secrets.tdb, always using the %m
workgroup, but the smb.conf global workgroup SID to authenticate!

Does anyone else bring together NT4 domains with samba to avoid "trusts"? Do
you use this method, how does it work for you?
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list