[Samba] interdomain trust relationships
Rauno Tuul
rauno.tuul at haigekassa.ee
Sat Oct 18 08:38:21 GMT 2003
Hi,
Probably You have a LDAP passdb. I have and also ran into that problem. I
have samba-3.0.0.
Solution, use smbldap-tools
// create machine account
$ smbldap-useradd.pl -w ntdomain
// set desired password for the account
$ smbldap-passwd.pl ntdomain$
The entry you created, has sambaAcctFlags [W ] but should have [I
]
So make a tiny text file (foobar) for changing the entry:
dn: uid=ntdomain$,ou=Computers,dc=whatever,dc=com
changetype: modify
sambaAcctFlags: [I ]
// Then apply the text file to LDAP
$ ldapmodify -x -h 127.0.0.1 -D "cn=Manager,dc=whatever,dc=com" -W -f
/path-to/foobar
// after You have created one side trust from NT usermanager, run
$ net rpc trustdom establish ntdomain
enter the set password and voila!
It works with samba-3 <-> NT 4 domain
and also samba-3 <-> Windows 2000 AD in mixed mode.
Important: both DC's, samba and NT must have the same WINS server, otherwise
the trust will never work. I windows 2000 WINS and it took a while before
windows machines found the DC of my samba domain.
I hope it helps.
Regards,
Rauno Tuul.
-----Original Message-----
From: Gordon Heydon [mailto:gordon at heydon.com.au]
smbpasswd -a -i xxx
Failed initialise SAM_ACCOUNT for user xxx$.
Failed to modify password entry for user xxx$
I have samba set up so that I can set up users and machine
automatically, so I am not sure what is wrong.
More information about the samba
mailing list