[Samba] Trust between two samba

Thomas Werner werner at esmt.org
Wed Nov 3 09:47:26 GMT 2004 

hi,

I want to make trust between two Samba domains BERLIN and MUNICH. I have 
setup the trusting accounts on both machines and get the following output:

BERLIN PDC2 (net rpc trustdom list)
Trusted domains list:
none
Trusting domains list:
MUNICH         S-1-5-21-3721446601-1596180916-2001326887

BERLIN PDC1 LDAP entry
dn: uid=MUNICH$,sambaDomainName=BERLIN,ou=samba,o=berlin,dc=foo,dc=foo
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSAMAccount
uid: MUNICH$
cn: MUNICH$
uidNumber: 20254
gidNumber: 100
homeDirectory: /dev/null
loginShell: /bin/false
description: Munich
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdMustChange: 2147483647
sambaAcctFlags: [I          ]
sambaSID: S-1-5-21-1097058062-1980963795-1926144585-41510
sambaPrimaryGroupSID: S-1-5-21-1097058062-1980963795-1926144585-0
sambaPwdLastSet: 1099396376
sambaPwdCanChange: 1099396376
sambaLMPassword: 1D8478A7A4356C1E064C1222EF6B7213
sambaNTPassword: A81CF52120D8AFF06E2302B63B18C1B3

MUNICH PDC (net rpc trustdom list)
Trusted domains list:
none
Trusting domains list:
BERLIN         S-1-5-21-1097058062-1980963795-1926144585

MUNICH LDAP entry
dn: uid=BERLIN$,sambaDomainName=MUNICH,ou=samba,o=munich,dc=foo,dc=foo
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSAMAccount
uid: BERLIN$
cn: BERLIN$
uidNumber: 20255
gidNumber: 100
homeDirectory: /dev/null
loginShell: /bin/false
description: Berlin
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdMustChange: 2147483647
sambaAcctFlags: [I          ]
sambaSID: S-1-5-21-3721446601-1596180916-2001326887-41508
sambaPrimaryGroupSID: S-1-5-21-3721446601-1596180916-2001326887-0
sambaPwdLastSet: 1099396363
sambaPwdCanChange: 1099396363
sambaLMPassword: 8A38C8AF81EC51ED27F6F0EF4DF14322
sambaNTPassword: 563AEC08AA9A12AC304A813719EC882D

but with "net  rpc trustdom establish MUNICH" on BERLIN PDC2 i get the 
following error:
Password: (i typed the password for the root account, on both domains is 
the same)
Could not connect to server PDC1
The username or password was not correct.
[2004/11/03 10:27:44, 0] utils/net_rpc.c:rpc_trustdom_establish(3075)
  Couldn't verify trusting domain account. Error was 
NT_STATUS_LOGON_FAILURE

on the ldapserver i got no error, samba founds the trusting account. both 
pdc machines uses the same windows 2003 wins server, which is a machine 
member account of berlin. what i forgot? is there a hint or i have to use 
another password?

thx tom

More information about the samba mailing list