[Samba] Samba.3.0.0 PDC with LDAP as trusting Domain of Win2k PDC

Simon Leung skmleung at hkucc.hku.hk
Wed Oct 8 08:51:14 GMT 2003 

Hi there,

I am running the released version of Samba V3 with OpenLDAP-2.1.22 as PDC. I
have successfully using the bundled smbldap-tool to create user accounts,
machine accounts and my testing PC is able to join the Samba domain.
My problem is:

I have another Win2k PDC and would like the users from it to be able to
logon to the machines in Samba Domain. So I referred the Chapter 16.4.2 from
the How-To doc and did the following things:

1. Goto Active Directory Domains and Trusts
2. Add my Samba Domain in the "Domains that trust this Domain"
3. key in the trust password
4. execute "net rpc trustdom establish myW2kDomain" from Samba
5. typed in the same password as I put as in Item 3 above
6. I was promted with this message from Samba:
utils/net_rpc.c:rpc_trustdom_establish(1919)
  Success!
7. then in W2k PDC, i was prompted to verify the trust so I accepted it, but
here is the problem. In W2kPDC, it said that the Trust cannot be verified at
this time due to the following situation:The RPC server is unavailable. The
I referred to the message log with the following error:

Oct  3 11:04:14 sambav3 smbd[2005]: [2003/10/03 11:04:14,0]
connect_to_domain_password_server: unable to setup the NETLOGON credentials
to machine myW2kPDC. Error was : NT_STATUS_UNSUCCESSFUL.

Oct  3 11:04:14 sambav3 smbd[2005]: [2003/10/03 11:04:14, 0]
auth/auth_domain.c:connect_to_domain_password_server(115)
Oct  3 11:04:14 sambav3 smbd[2005]:   connect_to_domain_password_server:
unable to setup the NETLOGON credentials to machine MyW2kPDC. Error was :
NT_STATUS_UNSUCCESSFUL.

Oct  3 11:04:14 sambav3 smbd[2005]: [2003/10/03 11:04:14, 0]
domain_client_validate: Domain password server not available.

What did I missed?

THX in advanced

BTW......here is part of the smb.conf of the settings:

[global]
        workgroup = SAMBA
        netbios name = SAMBAV3
        server string = Samba Server %v
        security = user
        allow trusted domains = yes

        log level = 10
        log file = /var/log/samba/log.%m
        max log size = 50

        domain logons = Yes
        os level = 33
        local master = yes
        domain master = yes
        preferred master = yes
        encrypt passwords = Yes
        unix password sync = yes
        passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u
        password server = *

        ldap server = 127.0.0.1
        ldap port = 389
        ldap suffix = dc=Mysamba, dc=com
        ldap machine suffix = ou=Computers
	   ldap user suffix = ou=Users
        ldap group suffix = ou=Groups
        #ldap idmap suffix = ou=idmap
        ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
        ldap admin dn = cn=Manager,dc=Mysamba,dc=com
        ldap ssl = no
        ldap passwd sync = yes
        passdb backend = ldapsam,guest
        admin users = administrator

        hosts allow = ..........allowed IP address
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        oplocks = No
        level2 oplocks = No

        add machine script = /usr/local/sbin/smbldap-useradd.pl -w %U

THX Again

Simon

More information about the samba mailing list