[Samba] Samba as the Trusted Domain

Karel Kulhavý clock at twibright.com
Fri Feb 13 11:29:11 GMT 2004

I have samba-3.0.2 with tdbsam (I don't remember why I moved on
to tdbsam from smbpasswd but something in the past must have required

When trying to add trusting domain according to Samba HOWTO Collection,
page "clxxxvii" (why the heck the pages have such strange Roman hashes
instead of numbers?):

oberon root # smbpasswd -a -i KEVF_D1
New SMB password:
Retype new SMB password:
Failed to initialise SAM_ACCOUNT for user KEVF_D1$.
Failed to modify password entry for user KEVF_D1$

The instructions seem to work only for those who use smbpasswd. I suggest the
documentation maintainer to add similar instructions into the documentation for
tdbsam users.

My smbconf follows:

# Samba config file created using SWAT
# from (
# Date: 2003/11/19 15:51:41

# Global parameters
	security = user
	wins support = no
	workgroup = KEVF_D4
	encrypt passwords = yes
	domain logons = yes
	null passwords = yes
	interfaces = eth1
	preferred master = Yes
	domain master = Yes
	debuglevel = 3
	ldap ssl = no
	admin users = admin,prech,root,test
	hosts allow =
#	hide local users = yes
	name resolve order=lmhosts,bcast

	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

	unix password sync = yes
	passwd program = /bin/passwd "%u"
	passwd chat = *ew*password* %n\n *ew*password* %n\n

	add user to group script = /usr/local/samba/bin/myaddusertogroup "%u" "%g"
	add user script = /usr/sbin/useradd -c 'Samba User' -d /dev/null -g smbusers -s /bin/false "%u"
	add machine script = /usr/sbin/useradd -c 'Machine' -d /dev/null -g machines -s /bin/false "%u"
	add group script = /usr/local/samba/bin/mygroupadd "%g"
	delete group script = /usr/sbin/groupdel "%g"
	delete user script = /usr/sbin/userdel "%u"
	delete user from group script = /usr/local/samba/bin/mydeleteuserfromgroupscript "%u" "%g"
	delete user script = /usr/sbin/userdel "%u"

	map to guest = Bad User
	passdb backend = tdbsam

	logon drive = h:
	logon home = \\oberon\%U
	logon path = \\oberon\profiles\%U

	server schannel = yes
	server signing = auto

	read only = yes
	guest ok = yes
	browseable = yes
	write list = admin prech root test
	locking = no
	public = no
	csc policy = disable

	comment = Home Directories
	browseable = no
	writable = yes

	comment = Admin Home
	writable = yes
	path = /home/admin

	comment = Root Home
	writable = yes
	path = /home/admin

	comment = test's home
	writable = yes
	path = /home/test

	comment = Linux Kernel Sources
	path = /usr/src/linux

	create mode = 0600
	csc policy = disable
	directory mode = 0700
	comment = Profiles
	path = /usr/local/samba/profiles/
	profile acls = yes
	read only = no

More information about the samba mailing list