[Samba] Domain trusts (Again)

rruegner robert at ruegner.org
Wed Oct 6 09:56:19 GMT 2004

Doug Curtis schrieb:
> I hope someone can answer this since my other emails have gone unanswered.
> I am using Samba 3.0.7 on both machines and am using LDAP.  I believe 
> that the trusts are working but I am still having a slight problem.
> I guess we'll use DOM1 and DOM2 for the domain names.  DOM2 is trusting 
> DOM1.  If a DOM1 user tries to locally login to a DOM1 computer, it 
> gives a "System could not log you on." error.  I noticed in the logs 
> that it is trying to create a user with the same name but it is getting 
> this error:
> "Error: modifications require authentication at 
> /usr/local/sbin///smbldap_tools.pm line 885, <DATA> line 283."
> If I manually create a user in DOM1 with the same username, it will then 
> let the user in DOM2 login.
> Is this how the trust is supposed to work?  The user has to have a posix 
> account in both domains?
> Also, if a user is logged into DOM1 and browses to the DOM2 server, the 
> DOM2 server automatically creates a posix account for that user, thus 
> letting that person login locally to DOM2 from then on.  It seems as 
> though it is able to create the posix account it needs when browsing but 
> not when a user tries to login locally for the first time.
> I hope this makes some sense to someone.
> Thanks,
> Doug
I guess yor trust is not working in the right way so , the pdc
tries to create a temp account with ldap tools ( which fails )
If you have 2 domains with different ldap servers , every domain
must have her own complete accounts cause they acting as complete
different system , as far i know the trust is only handeled by hashes 
through the pdcs and given to the clients longing that hash that there 
is now a trusted domain.Perhaps some of the gurus will help you out,but 
theres also good doku in the samba faqs

More information about the samba mailing list