[Samba] samba-3 trustdom AD (mixed mode) problem

Rauno Tuul rauno.tuul at haigekassa.ee
Sat Oct 25 23:26:20 GMT 2003


Hi,

I want to get my SAMBA-3.0.0 domain to trust W2K AD (mixed mode) both ways.
I don't want to make my samba box an AD member, just trust it.
Samba-PDC uses ldap as passdb. winbind isn't used. WINS server is running in
W2K PDC server. 
Also created a machine account entry to LDAP base, set samba I flag.

Here we go (using mmc @ w2k PDC):
I add my samba domain to "Domains trusted by this domain" and it nicely says
to me:
"The trusted domain has been added and the trust has been verified"

>From Samba domain I can access AD domain members shares, get AD users list
and so on. IT works.

access from W2K a samba PDC file share: 
"\\samba-pdc is not accessible
The security database on the server does not have a computer account for
this workstation trust relationship".

[2003/10/26 01:57:37, 0]
auth/auth_domain.c:connect_to_domain_password_server(115)
  connect_to_domain_password_server: unable to setup the NETLOGON
credentials to machine W2K-PDC. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT.
[2003/10/26 01:59:15, 0] auth/auth_domain.c:domain_client_validate(167)
  domain_client_validate: Domain password server not available.


I try to add my samba domain to "Domains that trust this domain" list.
W2K asks me, whether to "verify the trust". I say "yes" and get the
following error:

"Trust cannot be verifiew at this time due to the following situation: The
RPC server is unavailable".

[2003/10/26 02:00:06, 0]
auth/auth_domain.c:connect_to_domain_password_server(115)
  connect_to_domain_password_server: unable to setup the NETLOGON
credentials to machine W2K-PDC. Error was : NT_STATUS_UNSUCCESSFUL.
[2003/10/26 02:00:06, 0] auth/auth_domain.c:domain_client_validate(167)
  domain_client_validate: Domain password server not available.

>From samba domain side, nothing changes, everythings fine.
But access from W2K samba PDC file share: 
"\\samba-pdc
A device attached to the system is not functioning".
I get the same error, when I try to get SAMBA's user list.

What is wrong? What I must change add to get it work? Is it possible?
Why samba keeps looking for "Domain password server"?

>From samba PDC:
$ net rpc trustdom establish w2kdomain
[2003/10/26 02:10:36, 0] utils/net_rpc.c:rpc_trustdom_establish(1919)
  Success!

Regards,

 Rauno Tuul



More information about the samba mailing list