[Samba] Domain trusts (Again)
robert at ruegner.org
Wed Oct 6 09:56:19 GMT 2004
Doug Curtis schrieb:
> I hope someone can answer this since my other emails have gone unanswered.
> I am using Samba 3.0.7 on both machines and am using LDAP. I believe
> that the trusts are working but I am still having a slight problem.
> I guess we'll use DOM1 and DOM2 for the domain names. DOM2 is trusting
> DOM1. If a DOM1 user tries to locally login to a DOM1 computer, it
> gives a "System could not log you on." error. I noticed in the logs
> that it is trying to create a user with the same name but it is getting
> this error:
> "Error: modifications require authentication at
> /usr/local/sbin///smbldap_tools.pm line 885, <DATA> line 283."
> If I manually create a user in DOM1 with the same username, it will then
> let the user in DOM2 login.
> Is this how the trust is supposed to work? The user has to have a posix
> account in both domains?
> Also, if a user is logged into DOM1 and browses to the DOM2 server, the
> DOM2 server automatically creates a posix account for that user, thus
> letting that person login locally to DOM2 from then on. It seems as
> though it is able to create the posix account it needs when browsing but
> not when a user tries to login locally for the first time.
> I hope this makes some sense to someone.
I guess yor trust is not working in the right way so , the pdc
tries to create a temp account with ldap tools ( which fails )
If you have 2 domains with different ldap servers , every domain
must have her own complete accounts cause they acting as complete
different system , as far i know the trust is only handeled by hashes
through the pdcs and given to the clients longing that hash that there
is now a trusted domain.Perhaps some of the gurus will help you out,but
theres also good doku in the samba faqs
More information about the samba