[Samba] add domain user in local group: trust relationship error

Alex Deiter tiamat at komi.mts.ru
Sat Oct 4 07:01:28 GMT 2003


I manage a Samba DC (CVS 3.0.1pre1) on FreeBSD 5.1 (i386) and cannot add a domain
user to a local group on Win2k Pro:

I joined a Win2k workstation to my domain, logged in as domain admin, ran
Control Panel -> Users and Passwords -> Add -> Browse,
selected any user from Domain Users, selected the local group Administrators, and
got the error:

The trust relationship between this workstation and the primary domain
failed.

# testparm
Load smb config files from /usr/local/etc/samba/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[all]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

# Global parameters
[global]
        dos charset = 866
        unix charset = KOI8-R
        display charset = KOI8-R
        workgroup = KOMI
        passdb backend = ldapsam, guest
        guest account = guest
        log level = 1 passdb:5
        log file = /var/log/samba/%m.log
        max log size = 50000
        name resolve order = wins host bcast
        time server = Yes
        logon path =
        logon home =
        domain logons = Yes
        os level = 133
        enhanced browsing = No
        wins server = x.x.x.x
        ldap suffix = dc=komi,dc=mts,dc=ru
        ldap machine suffix = ou=Computers,dc=komi,dc=mts,dc=ru
        ldap user suffix = ou=People,dc=komi,dc=mts,dc=ru
        ldap group suffix = ou=Group,dc=komi,dc=mts,dc=ru
        ldap idmap suffix = dc=komi,dc=mts,dc=ru
        ldap admin dn = cn=ldapmanager,dc=komi,dc=mts,dc=ru
        ldap ssl = no
        admin users = @admins
        printer admin = @admins
        use sendfile = Yes

samba logs (log level = 1 passdb:5):

[2003/10/04 10:47:36, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(299)
  secrets_fetch failed!
[2003/10/04 10:47:36, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: guest
[2003/10/04 10:47:36, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1615)
  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=2514))]
[2003/10/04 10:47:36, 2] passdb/pdb_ldap.c:init_group_from_ldap(1659)
  init_group_from_ldap: Entry found for group: 2514
[2003/10/04 10:47:36, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: pc-x$
[2003/10/04 10:47:59, 5] passdb/secrets.c:secrets_get_trusted_domains(595)
  secrets_get_trusted_domains: looking for 10 domains, starting at index 0
[2003/10/04 10:47:59, 5] passdb/secrets.c:secrets_get_trusted_domains(675)
  secrets_get_trusted_domains: got 0 domains
[2003/10/04 10:47:59, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(299)
  secrets_fetch failed!
[2003/10/04 10:47:59, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: tiamat
[2003/10/04 10:47:59, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1615)
  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=2513))]
[2003/10/04 10:47:59, 2] passdb/pdb_ldap.c:init_group_from_ldap(1659)
  init_group_from_ldap: Entry found for group: 2513
[2003/10/04 10:47:59, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1615)
  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=2512))]
[2003/10/04 10:47:59, 2] passdb/pdb_ldap.c:init_group_from_ldap(1659)
  init_group_from_ldap: Entry found for group: 2512
[2003/10/04 10:47:59, 0] smbd/service.c:set_admin_user(321)
  tiamat logged in as admin user (root privileges)
[2003/10/04 10:47:59, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1036)
  ldapsam_getsampwnam: Unable to locate user [root] count=0
[2003/10/04 10:47:59, 4] passdb/passdb.c:local_uid_to_sid(1112)
  local_uid_to_sid: User root [uid == 0] has no samba account
[2003/10/04 10:47:59, 2] passdb/pdb_ldap.c:ldapsam_setsampwent(966)
  ldapsam_setsampwent: 211 entries in the base!
[2003/10/04 10:47:59, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: evgenii
[2003/10/04 10:47:59, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: tiamat
...
skip ~200 users
...
  init_sam_from_ldap: Entry found for user: svn
[2003/10/04 10:48:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: nb-dav$
[2003/10/04 10:48:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: guest
[2003/10/04 10:48:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: pc-x$

What to do?

Thanks!



