[Samba] Trusts between Windows 2003 and Samba 3.0 don't work

Wieseckel, Marcus WieseckelM at media-saturn.com
Thu Oct 23 08:55:15 GMT 2003


Hi,

 

I'm running samba 3.0 pre 1 with ldapsam backend on SuSE 8.2 Prof.
Everything works fine. The creation of interdomain trusts between samba -
nt/2000/samba works also without any problems. It's possible to add users
from the trusting domain to local groups, sharing directorys for the other
side and

logon on both sides with different accounts from the other Domain. 

 

The Order when I createing the Trust is follow:

 

1. Createing the trust on the samba side ( net rpc trustdom add win2k3test
password )

2. Check it with net rpc trustdom list

3. Createing a two-way trust on the Windows 2003 side and deactivate all
secure settings in the domaincontroller security policy like
requiresignorseal and Microsoft network server: Digitally sign
commnunications (always)

4. When i try to establish the Trust with net rpc trustdom establish
win2k3test and after this i type in the right password, i get following
error-message. 

 

sql-domlin:/usr/sbin # net rpc trustdom establish win2k3test
Password:
[2003/10/22 14:33:19, 0] utils/net_rpc.c:rpc_trustdom_establish(1829)
  Couldn't not initialise wkssvc pipe


 

I had already raise the log level to 10, but I can't find the problem while
the creation of the trust. Do anyone know what's problem could be? 

I hope the postet information is enough. Thanks for your help

 

Best regards

Marcus

 

My smb.conf:

[global]

        netbios name = SVR_SAMBA
        workgroup = DOM_SAMBA
        serverstring = SVR_SAMBA

        os level = 254
        log level = 10
        log file = /var/log/samba/samba.log

        preferred master = yes
        local master = yes
        domain master = yes
        domain logons = yes
        time server = yes

        security = user
        encrypt passwords = yes

        wins support = yes
        name resolve order = wins lmhosts host bcast

        socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
        utmp = yes
        keep alive = 30
        host msdfs = yes
        unix charset = UTF8

        interfaces = 127.0.0.1 eth0
        bind interfaces only = true


add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupadd %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u


########################
# Backend-Parameter    #
########################

        passdb backend = ldapsam:ldap://127.0.0.1
        algorithmic rid base = 10000
        winbind cache time = 600
        template shell = /bin/bash
        template homedir = /home/%u
        winbind use default domain = yes
        idmap backend = ldap:ldap://127.0.0.1
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum groups = yes
        winbind enum users = yes
        ldap admin dn           = cn=ldapadmin,dc=samba,dc=corp
        ldap suffix             = dc=samba,dc=corp
        ldap machine suffix     = ou=machines
        ldap group suffix       = ou=groups
        ldap user suffix        = ou=users





More information about the samba mailing list