[Samba] interdomain trust relationships

Rauno Tuul rauno.tuul at haigekassa.ee
Sat Oct 18 08:38:21 GMT 2003


Probably You have a LDAP passdb. I have and also ran into that problem. I
have samba-3.0.0.
Solution, use smbldap-tools

// create machine account
$ smbldap-useradd.pl -w ntdomain

// set desired password for the account
$ smbldap-passwd.pl ntdomain$

The entry you created, has sambaAcctFlags [W          ] but should have [I
So make a tiny text file (foobar) for changing the entry:

dn: uid=ntdomain$,ou=Computers,dc=whatever,dc=com
changetype: modify
sambaAcctFlags: [I         ]

// Then apply the text file to LDAP
$ ldapmodify -x -h -D "cn=Manager,dc=whatever,dc=com" -W -f

// after You have created one side trust from NT usermanager, run
$ net rpc trustdom establish ntdomain

enter the set password and voila!

It works with samba-3 <-> NT 4 domain
and also samba-3 <-> Windows 2000 AD in mixed mode.

Important: both DC's, samba and NT must have the same WINS server, otherwise
the trust will never work. I windows 2000 WINS and it took a while before
windows machines found the DC of my samba domain.

I hope it helps.


Rauno Tuul.

-----Original Message-----
From: Gordon Heydon [mailto:gordon at heydon.com.au]

smbpasswd -a -i xxx
Failed initialise SAM_ACCOUNT for user xxx$.
Failed to modify password entry for user xxx$

I have samba set up so that I can set up users and machine
automatically, so I am not sure what is wrong.

More information about the samba mailing list